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Cybersecurity 
Consortium  Gets 
Insurer’s  Backing 

AIG  endorses  security  sensors  developed  by 
public/private  partnership  that  sidesteps  DHS 


BY  DAN  VERTON 

One  of  the  nation’s  largest  in¬ 
surers  is  throwing  its  weight 
behind  a  public/private  part¬ 
nership  that  claims  it  has  a 
better  answer  to  the  challenge 
of  sharing  security-related  in¬ 
formation  than  the  U.S.  De¬ 
partment  of  Homeland  Securi¬ 
ty  does. 

Though  details  haven’t  been 


POWER  CIOs 

Utilities  struggle  with  ways 
to  tackle  cybersecurity: 
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agreed  upon,  American  Inter¬ 
national  Group  Inc.  will  offer 
discounted  insurance  rates  to 
customers  that  deploy  securi¬ 
ty  sensors  being  developed  by 
the  Cyber  Incident  Detection 
&  Data  Analysis  Center.  Phila¬ 
delphia-based  CIDDAC  is  a 
volunteer  partnership  of  more 
than  a  dozen  IT  vendors,  user 
companies  and  the  FBI’s  Infra- 
Gard  program. 

Robert  A.  Parisi  Jr.,  senior 
vice  president  and  chief  under¬ 
writing  officer  at  AIG  eBusi¬ 
ness  Risk  Solutions,  said  New 
York-based  AIG  would  view 

Cybersecurity,  page  14 


Users  Weigh 
Merit  of  Office 
System  2003 

Some  question  need 
for  making  early  move 

BY  CAROL  SLIWA 

Microsoft  Corp.  won’t  merely 
be  pitching  new  versions  of 
Word,  Excel,  Outlook,  Power¬ 


Point  and  Access  when  it 
launches  Office  System  2003 
tomorrow  in  New  York. 

The  software  maker  will  try 
its  best  to  convince  corpora¬ 
tions  that  they  can  improve 
the  productivity  of  not  only 
individual  employees  but  also 
teams  of  workers  and  their  en¬ 
tire  organizations  by  upgrad¬ 
ing  to  the  integrated  set  of 
client  and  server  products  that 
its  Office  System  comprises. 

Office  System,  page  16 
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Check  out  our  list 
of  nearly  obsolete 
technologies.  If 
you’ve  still  got 
them,  it  might  be 
timetojump 
Ship.  PAGE  29 


Real-Time  IT  Heading  Offshore 


Financial  Firms  join 
forces  to  mitigate 
security  privacy  risks 

BY  PATRICK  THIBODEAU 
AND  LUCAS  MEARIAN 

Some  of  the  largest  financial 
services  firms  in  the  country 
are  banding  together  to  devel¬ 
op  a  set  of  best  prac¬ 
tices  for  moving  their 
real-time  IT  process¬ 
es  offshore. 

These  companies, 
in  a  sector  that’s  col¬ 
lectively  an  aggres¬ 
sive  user  of  low-cost 
offshore  IT  services,  aim  to  re¬ 
duce  the  risk  of  shifting  live 
operations,  including  produc¬ 
tion  application  support,  to  In¬ 
dia  and  other  countries. 

Offshore  development  has 


traditionally  focused  on  appli¬ 
cation  development  and  main¬ 
tenance  —  coding  work  that 
doesn’t  involve  access  to  live 
production  systems  or  data. 
But  IT  shops  will  take  more  of 
their  core  operations  offshore 
if  management  of  security,  pri¬ 
vacy  and  other  risks  can  be 
adequately  addressed. 

Once  companies 
start  managing  their 
production  applica¬ 
tions  offshore,  for¬ 
eign-based  providers 
will  theoretically 
have  access  to  live 
data,  said  Jim  Salters, 
director  of  technology  initia¬ 
tives  and  project  development 
at  the  New  York-based  Finan¬ 
cial  Services  Technology  Con¬ 
sortium,  or  FSTC,  which  is  de- 
Offshore,  page  61 


IN-DEPTH 

For  comprehensive 
coverage  of  outsourc¬ 
ing  issues,  go  online: 
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Stressing  Home 
Reid  Advantage 

U.S.  IT  vendors  are  attempting 
to  compete  with  offshore  ser¬ 
vice  providers  by  developing 
more  cost-effective  business 
models  and  telling  customers 
that  price  isn’t  everything. 

One  such  company  is  Aries- 
net  Inc.,  a  Web  developer  that 
uses  independent  contractors 
to  deliver  projects  in  a  system  it 
calls  "virtual  teaming.”  The  sys¬ 
tem  allows  Ariesnet  to  deploy 
its  workers  as  needed  and  get 
more  done  at  lower  cost,  said 
Cruce  Saunders,  president  of 
the  Dallas-based  company. 

By  treating  employees  well 
and  building  a  project  delivery 
structure  that  allows  flexibility 
Competing,  page  61 


Dr.  jim  Metzler 

Dr.  Jim  Metzler  is  widely  recognized  as  an  authority 
on  both  network  technology  and  its  business  appli¬ 
cations.  In  over  28  years  of  professional  experience, 
Jim  has  assisted  tens  of  vendors  refine  their  product 
strategies  and  simultaneously  helped  over  a  hundred 
enterprises  evolve  their  network  infrastructure. 


Managed 

>  What  is  a  managed  security  services  provider 
(MSSP)? 

An  MSSP  is  a  company  in  the  business  of  providing  electronic 
security  services  on  a  third-party  basis.  (MSSPs  such  as  Unisys 
are  preparing  to  support  physical  security  such  as  implementa¬ 
tions  of  Lenel  access  control  systems  or  IP-enabled  video  sur¬ 
veillance  cameras  that  might  be  remotely  monitored  from  a 
security  operations  center.)  There  are  a  wide  range  of  MSSPs — 
from  companies  that  provide  one  or  two  very  specific  security 
services  to  companies  that  provide  a  large  number  of  security 
services. 


“The  principle  benefit  of 
using  an  MSSP  is  that  it 
gives  a  company  access 
to  skilled  resources.” 

>  What  are  the  benefits  of  outsourcing  your 
enterprise  security  infrastructure  to  an 
MSSP? 

Driven  either  by  concerns  about  their  own  financial  vulnerabil¬ 
ity  or  possibly  by  government  regulation,  security  is  one  of  the 
top  issues  in  virtually  every  IT  organization.  Moreover,  security 
is  also  very  visible — if  a  company  has  a  security  breach,  it  is 
often  well-publicized  both  within  and  without  the  company.The 
principle  benefit  of  using  an  MSSP  is  that  it  gives  a  company 
access  to  skilled  resources. 

>  Does  a  company  relinquish  control  of 
security  services  when  using  an  MSSP? 

That  is  the  key  risk  associated  with  any  sort  of  outsourcing 
relationship.  Given  that,  it  is  important  to  turn  this  concern  into 
the  key  criteria  that  a  company  uses  when  choosing  what  they 
will  outsource,  as  well  as  to  whom  they  will  outsource.  In  par¬ 
ticular,  when  a  company  is  considering  using  an  MSSP,  the  com¬ 
pany  needs  to  ensure  that  the  MSSP  has  processes  that  are  flex¬ 
ible  enough  to  ensure  that  the  company  is  not  giving  up  an 
unacceptable  amount  of  control. 

>  Which  strategic  security  functions  should 
remain  in-house  and  which  can  be  outsourced? 

There  is  one  function  that  absolutely  must  be  outsourced,  and 
that  is  doing  a  security  audit.  Each  company  must  have  regular 
security  audits  performed.  The  MSSP  that  is  doing  the  audit 
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Services 

must  of  course  have  expertise  in  this  area  and  must  also  be 
clear  of  conflict  of  interest — it  cannot  be  an  organization  that  is 
providing  any  other  security  functionality  for  the  company. 

As  a  general  rule,  companies  that  fit  the  following  criteria 
should  outsource  functions: 

•  The  company  is  not  good  at  performing  that  functionality,  nor 
do  they  foresee  developing  the  requisite  expertise; 

•  The  company  feels  confident  that  they  have  found  an  MSSP 
with  the  expertise; 

•  The  company  feels  confident  that  it  can  maintain  a  high  level 
of  control  while  using  the  MSSP. 

>  What  should  a  company  look  for  in  a  potential 
MSSP? 

A  good  security  approach  should  embrace  a  multilayered 
security  infrastructure  that  requires  multiple  technologies, 
process  and  procedures  to  be  breached.  In  evaluating  security 
outsourcing,  an  organization  should  make  sure  that  they  do  the 
following: 

•  Obtain  clear  and  concise  Service  Level  Agreements 

•  Clearly  understand  the  roles  and  responsibilities  of  both  the 
outsourcing  provider  and  the  in-house  staff. 

•  Come  to  clear  agreement  on  security  incident  severity  levels 
and  the  desired  actions  should  an  incident  occur. 

•  Look  for  up-to-date  accreditation  or  certifications  for  the 
personnel  who  work  for  the  MSSP. 

•  Examine  what  security  tools  are  used  by  the  MSSP,  particu¬ 
larly  any  tools  that  the  MSSP  might  have  developed  that  pro¬ 
vide  important  functionality  that  the  company  currently  Sacks. 

•  Are  the  MSSP’s  processes  thorough  and  detailed  enough  to 
show  a  thought-out,  well-documented  approach  to  providing 
security? 

•  Choose  an  MSSP  that  has  a  strong,  demonstrable  track 
record  of  providing  the  security  services  of  interest  to  a  wide 
range  of  customers,  including  some  that  are  similar  to  the  com¬ 
pany  in  question. 

•  Check  to  make  sure  that  the  MSSP  can  provide  the  services 
in  the  local  geography  or  required  language. 


For  more  information,  please  call  800-874-8647  x385 
or  visit  www.unisys.com/security 
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Done: 

JetBlue  Airways  worked  with  Unisys  to  extend 
its  standardization  on  Microsoft  ®  Windows*® 
to  the  enterprise  level.  Our  experience,  support 
and  comprehensive  services  bring  mission-critical 
reliability  and  simplified  control  with  our  ES7000 
enterprise  server.  It  scales  to  32  Intel®  Xeon 
processors  for  massive  power  and  efficiency. 
And  the  money  JetBlue  saves  managing  its  data 


c  sterner  satis  action  high.  After  all.  the  more 
control  you  have  over  costs  and  complexity, 
the  more  competitive  edge  you  achieve. 
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The  right  management  should  do  more  than  just  protect. 

It  should  also  enable. 

eTrust™  Security  Management  Software 

With  eTrust  security  management  software,  your  information  isn't  just  safeguarded  from  internal  and  external  threats. 
We  provide  authorized  customers,  partners,  and  employees  with  appropriate  access  that  can  help  your  business  grow. 
In  addition  to  securing  data,  eTrust  also  provides  a  single  view  of  your  security  environment,  so  you  can  make  real-time 
decisions  based  on  comprehensive  information.  If  you're  looking  for  ways  to  minimize  risk  while  maximizing  your 
potential,  or  to  get  a  white  paper,  go  to  ca.com/security. 
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The  Silent  ROI  Killer 

In  the  Management  section:  A  recent 
study  shows  that  spam  takes  a  big  chunk 
out  of  employee  productivity  and  has  a 
negative  effect  on  e-mail  users.  Page  49 


Managing  Over  the  Airwaves 

In  the  Technology  section:  Setting  up  a  wireless  LAN 
opens  up  a  new  set  of  network  management  challenges. 
Fortunately,  as  the  popularity  of  such  networks  has  grown,  so 
have  the  options  available  to  monitor  and  manage  them.  The  trick 
is  choosing  the  right  software  for  the  job.  Page  36 
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6  Microsoft  users  get  their  first 
taste  of  the  company’s  month¬ 
ly  security  patching  —  and  it 
was  a  mouthful. 

6  The  FBI  needs  to  do  more 

for  IT  security,  says  a  federal 
report. 

7  A  Toronto  airport  installs  a 
centrally  managed  WLAN 
to  avoid  security  problems. 

8  Los  Alamos  tries  an  object- 
based  storage  device  to  boost 
I/O  throughput  in  a  Linux 
cluster. 

10  Portfolio  management  has 

helped  users  gauge  the  value 
of  IT  investments,  despite 
some  business  resistance. 

10  Supply  chain  management 
yields  payback  only  after 
some  effort,  users  caution. 

12  Hospitals  have  adopted  a 

mix  of  network  security  tools 
rather  than  relying  exclusively 
on  Cisco’s  LEAP. 

14  Oracle  adds  ID  security  fea¬ 
tures  to  its  database  and  ap¬ 
plication  server. 

16  Early  Office  2003  adopters 

applaud  project  and  docu¬ 
ment  management  upgrades. 

20  EMC  adds  content  tools  to 

its  storage  product  line. 

20  Citrix’s  CEO  discusses  Linux, 
Microsoft  and  his  company’s 
licensing  strategy. 

21  Elance  upgrades  its  procure¬ 
ment  software. 


29  Submerging  Technologies: 
Five  That  Are  Sinking  Fast. 

No  support.  No  parts.  No 
patches  or  updates.  As  these 
five  technologies  fade  away, 

IT  managers  face  tough  choic¬ 
es.  Are  you  prepared  to  pull 
the  trigger? 

40  QuickStudy:  SPML.  The 

XML-based  Services  Provi¬ 
sioning  Markup  Language 
is  designed  to  help  organiza¬ 
tions  exchange  user,  resource 
and  service  provisioning 
information. 

42  Security  Manager’s  Journal: 
Child  Porn  Gets  by  Filters; 
Feds  Follow.  An  employee 
at  Mathias  Thurman’s  compa¬ 
ny  is  suspected  of  using  his 
work  account  to  send  child 
pornography,  so  the  security 
manager  must  provide  data  to 
federal  officials. 
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47  Free  Hot  Spots  Pay  Dividends. 

Hotels  and  restaurants  say 
that  giving  away  wireless  In¬ 
ternet  access  draws  and  re¬ 
tains  customers  and  delivers 
a  strong  ROI. 

50  Let’s  Make  a  Deal.  Experts 
explain  how  IT  managers  can 
get  the  best  deals  in  external 
and  internal  IT  negotiations. 

51  Q&A:  More  Bang  for  the 
Buck.  McKinsey  Global  Insti¬ 
tute  director  Diana  Farrell 
describes  a  two-year  study 
that  reveals  how  to  get  more 
productivity  from  your  IT 
investments. 


8  On  the  Mark:  Mark  Hall 

thinks  you  should  hurry  up 
and  dump  Microsoft’s  Java 
Virtual  Machine  before  it  be¬ 
comes  your  biggest  security 
problem. 

24  Maryfran  Johnson  reports 
that  the  major  market  re¬ 
search  firms  are  finally  own¬ 
ing  up  to  the  issue  of  disclo¬ 
sure  on  vendor-sponsored 
research. 

24  Pimm  Fox  has  found  a  compa¬ 
ny  that  uses  help  desk  tools  to 
do  more  than  track  end-user 
woes. 

25  Michael  Gartenberg  argues 
that  Microsoft  is  actually  do¬ 
ing  a  decent  job  securing  its 
technology.  Users,  however, 
are  another  matter. 

44  Robert  L.  Mitchell  shares  a 
few  of  his  pet  peeves,  such 
as  vendors’  “solutions”  and 
canned  analyst  quotes. 

52  Tom  Pisello  says  service-level 
agreements  can  help  guaran¬ 
tee  returns  on  investments 
with  IT  vendors. 

62  Frankly  Speaking:  Frank  Hayes 

explains  why  the  emerging 
Data  Center  Markup  Lan¬ 
guage  could  be  a  simple  way 
to  solve  complex  IT  problems. 
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Hire  People,  Not  Tools 

DEVELOPMENT:  There’s  a  lot  more  than 
technical  skills  to  consider  when  hiring  a 
developer  onto  your  team,  says  columnist 
Johanna  Rothman.  ©  QuickLink  41972 

Book  Excerpt:  The  Art  of 
Unix  Programming 

DEVELOPMENT:  Author  Eric  S.  Raymond 
discusses  the  philosophy  of  Unix,  what 
it  got  right  and  what  it  got  wrong. 

©  QuickLink  41814 

Ten  Steps  to  a  Successful 
Security  Policy 

SECURITY:  Adrian  Duigan,  product  man¬ 
ager  at  NetIQ_,  offers  advice  to  network 
administrators  on  developing  an  accept¬ 
able-use  policy.  ©  QuickLink  40050 


All  I  Know  About  Software 


Upgrades  I  Learned  From  My  Dog 

MANAGEMENT:  If  your  current  dog  is 
housebroken,  why  would  you  want  to  get 
a  new  puppy  and  go  through 
that  hassle  again?  Rebecca 
Wettemann  of  Nucleus 
Research  asks  the 
same  question  about 
software  upgrades. 
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SCO  Holds  Off  on 
Rise  in  Linux  Fee 

The  SCO  Group  Inc.  said  it  will 
give  Linux  users  another  two 
weeks  before  doubling  the  license 
fees  it’s  seeking  from  them  to 
cover  what  the  company  claims  is 
unauthorized  use  of  its  Unix  tech¬ 
nology.  The  current  price  of  $699 
per  CPU  will  remain  in  effect  until 
Oct.  31,  SCO  said.  The  Lindon, 
Utah-based  company  has  also  in¬ 
definitely  shelved  a  plan  to  begin 
sending  licensing  invoices  to  cor¬ 
porate  Linux  users. 


VeriSign  to  Divest 
Domain-Name  Unit 

VeriSign  Inc.  in  Mountain  View, 
Calif.,  is  selling  control  of  its  Net¬ 
work  Solutions  Inc.  domain-name 
registration  unit  as  part  of  a  plan 
to  focus  on  IT  security  and  other 
infrastructure  technologies.  Veri¬ 
Sign  said  Pivotal  Private  Equity  in 
Phoenix  will  pay  $100  million  for 
an  85%  stake  in  Network  Solu¬ 
tions.  Meanwhile,  VeriSign  will  re¬ 
tain  its  domain-name  registry 
business.  (Read  an  interview  with 
VeriSign  CEO  Stratton  Sclavos  on 
our  Web  site:  QuickLink  42208.) 


Sun  Reports  Loss, 
Weak  Server  Sales 

Sun  Microsystems  Inc.  reported  a 
$286  million  loss  on  revenue  of 
$2.54  billion  for  its  first  quarter, 
which  ended  Sept.  28.  CEO  Scott 
McNealy  said  it  could  take  “the 
next  couple  of  years”  for  sales  of 
high-end  servers  to  rebound.  Rev¬ 
enue  was  down  8%  year-over- 
year,  partly  as  a  result  of  a  halt  in 
most  server  shipments  during 
July  because  of  quality  problems 
that  have  been  since  resolved. 


EMC  Has  Profit, 
20%  Revenue  Gain 

EMC  Corp.  said  it  earned  a  profit 
of  $159  million  on  $1.51  billion  in 
revenue  in  the  third  quarter.  Rev¬ 
enue  was  up  20%  from  the  year- 
earlier  totai  of  $1.26  billion.  (See 
related  story,  page  20.) 


Microsoft  Users  Get  First 
Taste  of  Monthly  Patching  Plan 


Users’  feelings  mixed  about  getting  fixes 
for  five  major  flaws  simultaneously 


BY  JAIKUMAR  VIJAYAN 

Microsoft  corp. 

last  week  re¬ 
leased  seven 
patches  —  five  of 
them  for  critical  vulnerabili¬ 
ties  —  as  part  of  its 
recently  announced 
plan  to  move  to  a 
monthly  security 
update  schedule. 

Five  of  the  patch¬ 
es  are  for  flaws  in 


USER  PATCH 

Microsoft  releases  a  consol¬ 
idated  patch  with  22  updates 
to  Windows  XP: 

©  QuickLink  42218 
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Windows,  and  two  are  for 
flaws  in  Exchange  Server. 

The  fact  that  users  now 
have  to  deal  with  several 
patches  at  once  is  “disappoint¬ 
ing”  said  Edward  York,  chief 
technology  officer  at  724  Inc., 
an  application  service  provid¬ 
er  in  Lompoc,  Calif. 

“I  was  pretty  upset  yester¬ 
day  when  I  saw  all  those 
patches  come  out  at  once,” 
York  said.  “But  when  I  sit 
down  and  think  about  it,  it’s 
probably  not  all  that  bad”  to 
have  a  monthly  schedule  for 
patching,  he  added.  “It  will 
probably  be  quicker  for  me  to 


manage  my  systems  instead  of 
having  to  update  two  or  three 
times  a  month.” 

“It’s  nice  to  get  the  patches 
as  a  cluster  of  patches  instead 
of  one  patch  at  a  time,”  said 
Tim  Rice,  network 
systems  analyst  at 
Duke  University 
Health  System  in 
Durham,  N.C.  The 
hospital  uses  an  au¬ 
tomated  patching 
tool  from  Emeryville,  Calif.- 
based  BigFix  Inc.  to  deploy 
patches  to  all  5,600  systems  on 
its  network.  Getting  multiple 
patches  at  the  same  time  will 
make  patch  testing  easier,  Rice 
said.  A  new  option  for  unin¬ 
stalling  patches  that  appears 
along  with  the  security  bul¬ 
letin  is  also  useful,  he  added. 

However,  with  a  monthly 
schedule,  “the  longer  potential 
delay  between  a  patch  being 
ready  and  me  getting  it  con¬ 
cerns  me  a  little  bit,”  Rice  said. 

The  University  of  Texas  at 
Dallas  is  using  Microsoft’s  au¬ 
tomated  Software  Update  Ser¬ 


vice  to  deploy  patches.  So 
moving  to  a  monthly  schedule 
won’t  make  much  difference, 
said  Paul  Schmehl,  the  univer¬ 
sity’s  adjunct  information  se¬ 
curity  officer. 

“Frankly,  I  don’t  think 
they’re  going  to  be  able  to 
strictly  adhere  to  a  monthly 
release  schedule  anyway,” 
Schmehl  said.  With  some  seri¬ 
ous  patches,  “they  won’t  have 
the  option  to  wait  until  the 
next  monthly  release.” 

Threat  Assessment 

Of  the  vulnerabilities  for 
which  Microsoft  released 
patches  last  week,  three  in 


‘Critical’  Patches 

MS03-041:Flawin 

Authenticode 


MS03-042:  Buffer  overflow 
in  an  ActiveX  control 

MS03-043:  Flaw  in  Windows 
Messenger  Service 

MS03-044:  Buffer  overflow  in 
a  help  function  in  Windows  XP 
and  Windows  Server  2003 

MS03-046:  Raw  in  Internet 
Mail  Service 


particular  are  serious,  said 
Russ  Cooper,  editor  of  NT- 
Bugtraq  and  an  analyst  at 
Herndon,  Va.-based  Tru- 
Secure  Corp. 

The  most  serious  is  a 
buffer-overrun  flaw  in  Win¬ 
dows’  Messenger  Service.  The 
feature  has  already  been  wide¬ 
ly  exploited  to  spam  unpro¬ 
tected  Internet-connected  sys¬ 
tems.  “It  is  such  a  simple  ser¬ 
vice  that  it  is  very  easy  to  craft 
a  buffer-overflow”  attack  that 
exploits  the  flaw,  Cooper  said, 

Another  major  flaw  is  in  a 
Microsoft  technology  called 
Authenticode,  which  is  used  to 
verify  the  authenticity  of 
downloadable  software  and 
applications  —  such  as  a 
Macromedia  player,  for  in¬ 
stance.  The  flaw  could  allow 
attackers  to  download  mali¬ 
cious  ActiveX  controls  on  a 
victim’s  computer  under  cer¬ 
tain  low-memory  conditions, 
Cooper  said. 

The  third  serious  flaw  exists 
in  the  Internet  Mail  Service 
associated  with  Exchange 
Server.  The  flaw  could  result 
in  denial-of-service  attacks 
against  vulnerable  systems. 
Cooper  said.  ©  42185 


Government  Report  Says  FBI 
Needs  to  Do  More  to  Secure  IT 


Audit  finds  FBI’s 
IT  infrastructure 
remains  vulnerable 

BY  TODD  R.  WEISS 

Despite  improvements  that 
have  been  made  since  the 
Sept.  11  terrorist  attacks,  core 
parts  of  the  FBI’s  IT  infra¬ 
structure  remain  vulnerable  to 
security  problems,  making  it 
harder  for  the  agency  to  help 
protect  the  nation. 

That’s  one  of  the  main  find¬ 
ings  of  an  audit  of  the  FBI’s  IT 
systems  that  was  released  last 


week  by  the  U.S.  Department 
of  Justice’s  inspector  general. 
The  178-page  report  said  that 
some  of  the  11  “major  internal 
control  weaknesses”  found  in 
a  1990  audit  are  still  applicable 
now. 

“We  do  believe  strongly  that 
the  FBI  needs  to  move  into  the 
21st  century,  or  even  the  20th 
century,  in  order  to  equip  [its] 
agents  with  the  tools  they 
need  to  do  their  jobs  better,” 
said  Paul  Martin,  a  deputy  in 
the  inspector  general’s  office. 
“They’re  making  strides,  but 
they  have  further  to  go.” 


Progress  has  been  made  in 
improving  the  security  of  in¬ 
vestigative  and  administrative 
systems  that  run  on  main¬ 
frames  at  FBI  headquarters 
and  a  data  center  in  West  Vir¬ 
ginia,  the  audit  found.  But  se¬ 
curity  gaps  remain,  the  report 
said.  “These  repeated  defi¬ 
ciencies  indicate  that,  in  the 
past,  FBI  management  had  not 
paid  sufficient  attention  to  im¬ 
proving  its  IT  program,”  it 
added. 

The  report  cited  concerns 
about  the  agency’s  IT  security 
policies,  procedures  and  stan¬ 


dards;  its  data  backup  and 
restoration  controls;  its  pass¬ 
word  and  log-on  management 
approaches;  and  its  system  au¬ 
diting  and  patching  capabili¬ 
ties.  The  various  shortcom¬ 
ings  were  labeled  as  “high-to- 
moderate  risk”  security  flaws. 

The  inspector  general  rec¬ 
ommended  that  the  FBI  take 
several  steps  to  make  addi¬ 
tional  improvements,  includ¬ 
ing  the  development  of  specif¬ 
ic  procedures  for  implement¬ 
ing  actions  that  were  called 
for  in  earlier  audits  (see  box). 
The  report  also  said  the  agen¬ 
cy  should  ensure  that  its  new 
Automated  Response  and 
Compliance  System  database, 
which  is  used  to  track  IT  im¬ 
provements  and  provide  real¬ 
time  status  information  to  FBI 
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Toronto  Airport  Puts  Emphasis 
On  Security  With  WLAN  Project 

Central  control,  role-based  access 
scheme  are  designed  to  deter  intruders 


BY  BOB  BREWIN 

In  a  bid  to  avoid  the  IT  securi¬ 
ty  problems  that  have  plagued 
some  airport  wireless  LANs, 
the  Greater  Toronto  Airports 
Authority  (GTAA)  is  installing 
a  centrally  managed  WLAN 
that  was  designed  from  the 
ground  up  to  prevent  intru¬ 
sions  into  applications  such  as 
baggage-handling  systems. 

The  WLAN,  which  is  being 
installed  in  a  terminal  that’s 
due  to  open  early  next  year  at 
Toronto  Pearson  International 
Airport,  will  use  a  role-based 
access  control  approach  de¬ 
signed  by  Hewlett-Packard 
Co.’s  Canadian  unit.  HP  Cana¬ 
da  won  a  contract  to  install 
the  network  in  January,  and 
details  of  the  project  were  dis¬ 
closed  last  week. 

At  many  U.S.  airports,  air¬ 
lines  have  installed  WLANs 
on  an  ad  hoc  basis,  in  some 
cases  creating  unencrypted 
networks  that  were  open  to 
sniffing  and  potential  intru¬ 
sions  [QuickLink  26374].  In  an 
effort  to  avoid  those  problems, 
the  GTAA  will  install  its  own 


officials,  is  kept  up  to  date. 

FBI  spokesman  Paul  Bresson 
said  the  agency  agrees  with 
many  of  the  recommendations 
in  the  report.  “Many  of  them, 


The  inspector  general’s  report 
on  the  agency’s  systems: 

■  that  IT  security 
vulnerabilities  remain  despite 
multiple  warnings. 

■  for  the  11  to  imple¬ 
ment  earlier  recommendations 
to  improve  security. 

that  FBI  managers 
be  held  accountable  tor  making 
needed  changes., 


WLAN  plus  a  fiber  backbone 
and  manage  the  network  for 
the  airlines  that  use  the  air¬ 
port,  said  James  Burke,  vice 
president  of  IT  and  telecom¬ 
munications  at  the  GTAA. 

“We  have  stepped  into  the 
network  management  role,”  he 
said.  “There  is  no  doubt  who 
is  managing  the  wireless  spec¬ 
trum.  No  one  wants  baggage¬ 
tracking  data  sniffed.”  Burke 
and  HP  officials  declined  to 
disclose  the  project’s  cost, 
other  than  to  say  it’s  a  multi- 
million-dollar  initiative. 

Setting  Boundaries 

In  an  attempt  to  prevent  any 
network  intrusions,  HP’s  role- 
based  setup  is  able  to  control 
access  to  the  WLAN  based  on 
the  jobs  and  work  locations  of 
end  users,  said  Victor  Garcia, 
director  of  mobility  services  at 
HP  Canada.  For  example,  a 
ramp  worker  loading  luggage 
onto  planes  would  be  able  to 
access  the  bag-tracking  appli¬ 
cation  on  the  WLAN  only 
within  about  320  feet  of  his 
usual  work  location.  Such  ac- 


we’re  already  working  on,”  he 
said.  “There  are  still  deficien¬ 
cies,  but  we  have  made  signifi¬ 
cant  progress  over  the  years  in 
upgrading  our  IT.” 

In  addition  to  the  security 
issues,  the  inspector  general 
took  the  FBI  to  task  for  having 
systems  that  are  difficult  to 
use.  For  example,  the  report 
described  the  agency’s  inves¬ 
tigative  systems  as  “labor-in¬ 
tensive,  complex,  untimely 
and  non-user  friendly.” 

For  the  past  three  years,  the 
FBI  has  been  working  on  an  IT 
modernization  project  called 
Trilogy  that  involves  installing 
a  new  network  and  upgrading 
desktop  systems  and  end-user 
applications.  The  project  is 
due  for  completion  by  May, 

FBI  officials  said.  O  42190 


cess  parameters  will  be  man¬ 
aged  by  a  database  of  role-spe¬ 
cific  information  about  airport 
workers,  Garcia  said. 

The  role-based  access  sys¬ 
tem  will  also  make  it  easier  for 
the  GTAA  to  add  public  Wi-Fi 
access  capabilities  and  keep 
public  users  separated  from 
the  secure  part  of  the  network, 
according  to  Garcia. 

HP  Canada  tapped  Burling¬ 
ton,  Mass.-based  Bluesocket 
Inc.  to  provide  the  security 
technology  for  the  WLAN. 
Dave  Juitt,  Bluesocket’s  chief 
technology  officer,  said  the 
company’s  wireless  gateways 
could  be  configured  to  make 


BY  PATRICK  THIBODEAU 

Sun  Microsystems  Inc.  last 
week  detailed  an  initiative  to 
make  Solaris  on  x86  more  at¬ 
tractive  to  users  by  broaden¬ 
ing  application  support. 

Company  officials  said  Sun 
is  working  with  as  many  as  150 
key  business  application  ven¬ 
dors,  including  BEA  Systems 
Inc.,  Oracle  Corp.  and  Sybase 
Inc.,  to  ensure  that  their  appli¬ 
cations  are  optimized  for  So¬ 
laris  on  x86. 

John  Loiacono,  vice  presi¬ 
dent  of  operating  platforms  at 
Sun,  said  it’s  critical  that  So¬ 
laris  on  x86  has  up-to-date  sup¬ 
port  from  mainstream  business 
application  vendors.  “Without 
applications,  the  platforms 
aren’t  very  useful,”  he  said. 

Solaris  on  x86  is  getting 
backing  from  users  such  as 
Gerry  Vest,  a  systems  adminis¬ 
trator  at  the  Southwest  Foun¬ 
dation  for  Biomedical  Re¬ 
search  in  San  Antonio.  The 
foundation  is  running  Solaris 
on  a  cluster  of  700  dual-proc¬ 
essor  Intel-based  servers. 

“The  code  base  for  Solaris 
x86  is  based  on  Sparc  Solaris, 
which  is  rock-solid,”  said  Vest. 
“In  that  respect,  it’s  Linux  that 


Security 

Mechanisms 

■  Access  control:  End  users 
will  get  network  access  privi¬ 
leges  based  on  their  jobs  and 
work  locations. 

■  Supported  protocols: 

LEAP,  PEAP  and  LDAP  tor  user 
authentication;  DES,  Triple  DES 
and  AES  for  data  encryption. 

■  Segmented  traffic:  The  air¬ 
port  can  use  the  WLAN  to  offer 
public  Wi-Fi  access  without  af¬ 
fecting  network  operations. 

the  network  access  controls 
even  more  precise.  Access 
could  be  granted  to  users  for 
limited  periods  —  such  as  the 
time  needed  to  load  or  unload 
an  aircraft’s  baggage  hold. 

In  addition,  the  gateways 


has  to  play  catch-up.” 

Matthew  Leeds,  vice  presi¬ 
dent  of  operations  at  Grace- 
note  Inc.,  an  Emeryville,  Calif., 
company  that  produces  sys¬ 
tems  used  in  music  recogni¬ 
tion,  evaluated  both  Solaris  on 
x86  and  Linux.  It  opted  for  So¬ 
laris  on  x86  because  of  its  bet¬ 
ter  transaction-processing  ca¬ 
pability,  Leeds  said.  Though 
Linux  was  attractive  for  its  off- 
the-shelf  cost,  long-term  sup¬ 
port  costs  mitigated  the  initial 
pricing  differences,  he  said. 

Product  Direction 

Sun  has  hired  developers  to 
support  Solaris  on  the  64-bit 
Opteron  processor  from  Ad¬ 
vanced  Micro  Devices  Inc. 
Loiacono  said  Sun  has  no 
plans  to  do  likewise  for  Intel 


What’s  Next 


NOV.  10:  Next  Solaris  Ex¬ 
press  release  will  have  track¬ 
ing  capabilities  to  probe  per¬ 
formance  problems. 

MARCH  2004:  Beta  version 
ofSolaris.Next 

Q4  2004:  Solaris.Next 


Sun  Moves  to  Broaden  App 
Support  for  Solaris  on  x86 


could  be  set  up  to  support  a 
variety  of  authentication  and 
encryption  technologies  to 
give  the  WLAN  “bulletproof” 
security,  Juitt  said  (see  box). 

Burke  said  the  WLAN  will 
support  the  core  baggage¬ 
tracking  application  being  in¬ 
stalled  at  Pearson’s  new  Ter¬ 
minal  1  by  Societe  Internation¬ 
ale  de  Telecommunications  de 
Aeronautiques,  an  airline- 
owned  IT  company  in  Geneva. 

The  WLAN  includes  256  tri¬ 
mode  wireless  access  devices 
made  by  Cisco  Systems  Inc., 
all  designed  to  support  the 
802.11a,  802.11b  and  802.11g 
protocols.  That  should  enable 
the  GTAA  to  add  high-band¬ 
width  applications  such  as 
video  surveillance  cameras  to 
the  wireless  network  without 
overtaxing  it,  Burke  said. 

©  42189 


Corp.’s  64-bit  Itanium  because 
it  doesn’t  see  customer  de¬ 
mand  for  it.  The  Opteron  sup¬ 
port  may  be  ready  by  the  mid¬ 
dle  of  next  year,  he  said. 

Sun’s  efforts  to  boost  Solaris 
on  x86  began  in  earnest  in  May, 
when  it  released  servers  run¬ 
ning  Intel’s  Xeon  processors. 

The  company  maintains  that 
Solaris.Next  —  what  might 
otherwise  be  called  Solaris  10 
—  will  offer  strong  incentives 
for  companies  to  opt  for  Unix 
on  Intel  over  Windows  or  Lin¬ 
ux.  The  next  version  of  Solaris 
is  set  for  release  in  the  fourth 
quarter  of  2004. 

Solaris.Next  will  include 
self-healing  capabilities  to  deal 
with  problems  created,  for  in¬ 
stance,  by  application  memory 
leaks:  file  systems  that  scale  to 
handle  terabytes  of  data;  and 
security  capabilities  already 
available  in  Sun’s  Trusted  So¬ 
laris  version  that  allow  access 
control  at  the  root  level. 

Dan  Kusnetzky,  an  analyst  at 
IDC  in  Framingham,  Mass., 
said  Sun’s  x86  strategy  has 
been  hurt  by  the  perception 
that  the  company  isn’t  as  will¬ 
ing  to  embrace  the  Intel  plat¬ 
form  as  its  competitors.  To 
convince  users  otherwise,  Sun 
will  have  to  take  measures 
such  as  porting  all  its  tools  to 
the  x86  version  of  Solaris,  he 
said.  O  42184 
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MARK  HALL  ■  ON  THE  MARK 

Sun,  Microsoft  Legal 
Minds  Put  Windows . . . 

. . .  users  at  risk  but  have  thankfully  delayed  the  dangerous  days  until 
Sept.  2004.  That’s  when  lingering  unsecure  Microsoft  Java  Virtual  Machines 

will  become  hackers’  target  of  choice.  While  the  JVM  agreement  be¬ 
tween  Microsoft  Corp.  and  Sun  Microsystems  Inc.  [QuickLink  41927] 
helps  IT  departments,  it  only  delays  the  impending  corporate  chaos 
and  calamity  when  unchanged  Windows  systems  go  kablooie.  That’s 


what  keeps  Conchango  New  York  Inc. 
President  Ted  Dinsmore  awake  at  night. 
Or,  more  likely,  his  clients.  The  subsidiary 
of  IT  consultancy  Conchango  Ltd.  in  Sur¬ 
rey,  England,  has  been  sounding  the  alarm 
to  all  of  its  customers:  Swap  out  your  JVM 
now.  Come  September,  Microsoft  loses  its 
legal  access  to  the  Java  source  code,  so  it 
will  never  be  able  to  patch  its  JVM  again. 
Even  if  Microsoft  wanted  to  assist  its  best 
customers  with  an  update  during,  say,  a 
major  security  crisis,  the  deal  forbids  it. 
“This  is  a  very  scary  issue,”  says  Dins¬ 
more.  “Millions  of  ma¬ 
chines  are  involved.” 

That  a  security  flaw  will 
be  found  and  exploited 
is  inevitable,  argues 
Dinsmore.  “Most  hack¬ 
ers  are  Java  guys,”  he 
says.  Perhaps  Tom  Ridge 
should  send  a  posse  to  the 
next  JavaOne  conference. 

■  Microsoft  is  being 
compelled  to  help  in  the 
JVM  transition  and  has 
the  best  resource  site  to 
help  you  get  it  done 
[QuickLink  a3730].  But 
this  potential  swap  rais¬ 


es  an  interesting  issue.  Users  that  were 
thinking  about  moving  away  from  a  Java 
approach  to  application  development  and 
deployment  and  going  with  .Net  instead 
might  not  want  to  make  the  shift  while 
they’re  in  crisis  mode,  ripping  and  replac¬ 
ing  JVMs  everywhere.  Then  again,  it  may 
be  the  motivation  that  pushes  the  .Net  tran¬ 
sition  higher  on  ITs  to-do  list.  ■  When  you’re 
done  worrying  about  security  (yeah, 
right),  you  might  want  to  mull  over  why 
your  global  network  is  so  sluggish.  Doug 
Brent,  CEO  of  Packet  Design  LLC  in  Palo 
Alto,  Calif.,  thinks  the 
best  way  to  get  to  the 
bottom  of  the  problem 
is  to  start  at  Level  3, 
where,  he  claims,  30% 
to  50%  of  network  prob¬ 
lems  originate.  That’s 
where  packets  get  rout¬ 
ed  and  where  his  com¬ 
pany’s  Route  Explorer 
2.0  gathers  data  on  how 
those  packets  are  flying 
around  your  seven-lay¬ 
er  TCP/IP  network. 

The  appliance,  which 
ships  today,  can  present 
a  topology  map  of  actu¬ 


al  packet  routes,  not  just  device  intercon¬ 
nections.  Route  Explorer  can  display  rout¬ 
ing  data  in  real  time  or  for  user-defined 
periods.  It  supports  a  variety  of  Internet 
routing  protocols  such  as  BGP,  IS-IS  and 
OSPF.  Later  this  quarter,  Packet  Design 
will  ship  support  for  Cisco  Systems  Inc.’s 
EIGRP.  Prices  start  at  $19,000.  ■  With  your 
well-tuned  network,  users  can  buzz  on  over 
to  Buzzsaw,  a  global  online  collaboration 
service  for  construction  project  managers, 
from  AutoDesk  Inc.  Version  5  of  the  ser¬ 
vice  is  available  today,  offering  modules 
with  dashboard  monitors  designed  for 
builders  in  industries  such  as  retail,  manu¬ 
facturing  and  health  care.  ■  But  if  you’re 
going  to  sign  an  ASP  agreement  to  sup¬ 
port  employees,  partners  or  customers 
overseas,  John  Duncan  has  a  word  of  cau¬ 
tion.  Duncan  is  counsel  at  Nixon  Peabody 
LLP  in  New  York,  and  in  reviewing  ASP 
contracts  for  his  clients,  he’s  noticed 
something.  “They  use  the  terms  royalty 
and  license,”  he  says.  Makes  sense.  ASPs 
are  just  software  guys  with  Internet  ac¬ 
cess.  Still,  that  set  off  Duncan’s  tax-law  radar 
because  royalties  and  licenses  can  be  sub¬ 
ject  to  nations’  tax  whims.  It’s  best  to 
“substitute  the  word  service  for  royalty  or 
license  in  a  contract,  to  protect  yourself 
from  rate-hike  surprises  of  tax  changes  in 
a  nation  where  you  do  business,”  he  says. 

■  Kelvin  Burton,  CTO  at  Mercy  Ships,  a 
nonprofit  medical  relief  agency,  has  con¬ 
cluded  that  time  spent  with  the  beta  ver¬ 
sion  of  Reactor  5.5,  a  process  control  man¬ 
agement  application  from  Oak  Grove  Sys¬ 
tems  Inc.  in  Calabasas,  Calif.,  was  worth¬ 
while.  He  says  the  new  version  integrated 
smoothly  with  his  LDAP  directory  and  is  the 
best  way  he  has  found  to  keep  track  of 
who’s  doing  what  among  the  ever-chang¬ 
ing  list  of  staffers  and  volunteers  on 
projects  worldwide.  Reactor  5.5  is  avail¬ 
able  for  everyone  else  today  at  $10,000  per 
CPU.  ©  42170 


SupportSoft  Inc.  in  Redwood  City, 
Calif.,  won’t  release  its  complete  help 
desk  management  suite  Real  Time 
Service  Management  Platform  6.0 
until  Q1 2004.  But  the  first  modules 
ship  today,  starting  with  LiveAssist, 
for  high  volumes  of  customer  support 
chat  sessions;  Knowledge  Center,  for 
information  self-service;  Remote- 
Assist,  which  lets  technicians  control 
remote  PCs;  and  AutoDiscovery  and 
Metering,  which  finds  hardware  and 
software  assets  on  your  network. 


Los  Alamos  Tries  Object-based  Storage 


■ 

Vendors  Propose 
Utility  IT  Standard 

Electronic  Data  Systems  Corp. 
and  Opsware  Inc.  in  Sunnyvale, 
Calif.,  announced  a  proposed  utili¬ 
ty-computing  standard  for  model¬ 
ing  the  system  resources  in  data 
centers.  More  than  25  other  com¬ 
panies,  including  Computer  Asso¬ 
ciates  International  Inc.  and  BEA 
Systems  Inc.,  said  they  support 
the  Data  Center  Markup  Langu¬ 
age  proposal.  (For  more,  see 
“Frankly  Speaking,”  page  62.) 


IBM  to  Acquire 
Integration  Tools 

IBM  said  it’s  acquiring  the  soft¬ 
ware  assets  of  CrossAccess 
Corp.,  a  Santa  Clara,  Calif.-based 
vendor  of  tools  for  integrating 
mainframe  databases  sold  by  IBM 
and  rival  vendors  with  applica¬ 
tions  running  on  other  systems. 
The  purchase  price  wasn’t  dis¬ 
closed.  IBM  said  it  plans  to  meld 
CrossAccess’  eXadas  software 
with  the  DB2  Information  Integra¬ 
tor  technology  it  released  last 
spring  [QuickLink  36185]. 


Oracle  Makes  Cuts 
In  Marketing . . . 

Oracle  Corp.  confirmed  that  it  has 
laid  off  marketing  workers  but 
didn’t  say  how  many  employees 
were  let  go.  A  spokeswoman  said 
the  cuts  were  part  of  a  restructur¬ 
ing  after  Executive  Vice  President 
Chuck  Phillips  took  over  as  head 
of  the  marketing  unit.  More  de¬ 
tails  will  be  disclosed  when  Oracle 
reports  its  financial  results  in  ear¬ 
ly  December,  she  added. 


. . .  And  Extends  Its 
Offer  for  PeopleSoft 

Meanwhile,  Oracle  extended 
through  year’s  end  its  hostile 
takeover  offer  for  business  appli¬ 
cations  rival  PeopleSoft  Inc.  Ora¬ 
cle  also  filed  an  official  notice  of 
the  offer  for  Pleasanton,  Calif.- 
based  PeopleSoft  with  the  Euro¬ 
pean  Commission  for  antitrust- 
review  purposes. 


BY  LUCAS  MEARIAN 

Los  Alamos  National  Labora¬ 
tory  today  plans  to  announce 
that  it’s  installing  a  1,400-node 
Linux  cluster  that  uses  a  new 
object-based  file  system  tech¬ 
nology  for  data  storage. 

Gary  Grider,  manager  of  scal¬ 
able  I/O  systems  at  Los  Alam¬ 
os,  said  the  lab  will  use  start¬ 
up  Panasas  Inc.’s  network-at¬ 
tached  storage  (NAS)  technol¬ 
ogy  to  spread  file  management 
capabilities  across  commodity 
servers  while  still  achieving 
high  levels  of  computing  pow¬ 


er  and  I/O  throughput. 

Grider  added  that  the  Ac- 
tiveScale  device  gives  him 
4GB/sec.  throughput  and  the 
ability  to  store  up  to  600TB  on 
the  planned  cluster,  which  will 
be  used  to  run  simulations  of 
nuclear  weapons  tests. 

Fremont,  Calif.-based  Pa¬ 
nasas  plans  to  introduce  Ac- 
tiveScale  today  in  conjunction 
with  the  Los  Alamos  announce¬ 
ment.  Unlike  conventional 
NAS  products,  which  store 
metadata  apart  from  files,  ob¬ 
ject-based  devices  like  Active- 


Stage  break  files  into  chunks 
that  include  file  data,  meta¬ 
data  and  other  information, 
such  as  quality-of-service  de¬ 
tails.  Proponents  said  the 
technology  should  speed  up 
the  process  of  accessing  files. 

Arun  Taneja,  an  analyst  at 
Taneja  Group  Inc.  in  Hopkin- 
ton,  Mass.,  said  that  with  the 
market  for  Linux-based  server 
clusters  on  the  rise,  object- 
based  storage  could  offer  users 
in  the  scientific  community  al¬ 
most  limitless  data  scalability. 

The  Linux  cluster  will  use 


Pentium-based  servers  priced 
at  about  $2,000,  Grider  said. 
Los  Alamos  has  been  testing 
the  cluster  with  ActiveStage 
for  about  nine  months  and 
now  has  the  production  sys¬ 
tem  in  place,  he  added. 

Panasas  said  ActiveScale  in¬ 
cludes  10  slots  for  specialized 
blade  servers,  each  supporting 
up  to  500GB  of  storage.  Pric¬ 
ing  starts  at  $25,000  for  a 
1.6TB  configuration.  ©  42179 
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Portfolio  Management  Wins 
Converts  Despite  Challenges 

Users  say  financelike  approach  to  IT 
cuts  costs,  helps  executives  evaluate  risks 


BY  THOMAS  HOFFMAN 

NEW  YORK 

everal  early  adopt¬ 
ers  of  portfolio  man¬ 
agement  approaches 
for  gauging  the  value 
of  IT  investments  said  last 
week  that  they  have  achieved 
strong  results  after  working 
through  cultural  acceptance 
challenges  at  their  companies. 

For  instance,  Mercy  Health 
Partners,  which  operates  six 
hospitals  in  the  Toledo,  Ohio, 
area,  started  looking  at  IT 
portfolio  management  three 
years  ago  to  help  evaluate  the 
merits  of  ongoing  and  pro¬ 
posed  IT  projects,  said  CIO 
Jim  Albin.  Mercy  Health,  a 
unit  of  Cincinnati-based 
Catholic  Healthcare  Partners, 
also  uses  portfolio  manage¬ 
ment  techniques  to  track 
whether  projects  are  hitting 
their  deadlines  and  return- 
on-investment  targets. 


The  110-person  IT  staff  at 
Mercy  Health  fields  up  to 
4,000  project  requests  each 
year,  and  “you  don’t  have  time 
to  do  ROI  [analyses]  on  all  of 
them,”  said  Albin,  who  spoke 
at  the  Society  for  Information 
Management’s  SIMposium 
conference  here. 

To  identify  the  IT  projects 
that  are  expected  to  deliver 
the  biggest  bene¬ 
fits,  the  health  care 
provider  began 
applying  the  same 
“Buy,  Hold  and 
Sell”  criteria  used 
by  financial 
investors. 

“There’s  no  point  in  throw¬ 
ing  good  money  after  bad,” 
said  Albin,  who  installed  an  IT 
portfolio  management  tool 
from  Pacific  Edge  Software 
Inc.  in  Bellevue,  Wash.,  to  sup¬ 
port  the  new  approach. 

Albin  said  Mercy  Health  has 


been  able  to  reduce  its  annual 
IT  costs  by  $4  million  through 
steps  such  as  cutting  its  appli¬ 
cation  development  staff  and 
reducing  the  use  of  outside 
contractors.  IT  managers  can 
also  better  anticipate  which 
projects  will  be  approved  and 
allocate  resources  more  effi¬ 
ciently,  he  added. 

Other  IT  managers  at  the 
SIM  conference  said  they  have 
also  had  success  with  portfolio 
management  practices. 

Doreen  Wright,  CIO  at 

Campbell  Soup  Co. 
in  Camden,  N.J., 
said  she  adopted 
the  IT  portfolio  ap¬ 
proach  four  years 
ago  at  Nabisco  Inc. 
and  took  a  similar 
tack  after  joining  Campbell  in 
2001.  “If  you’ve  got  six  $20  mil¬ 
lion  projects  on  the  table,  you 
can’t  do  them  all,”  she  said,  ex¬ 
plaining  the  appeal  of  the  tech¬ 
nique. 

Wright  said  the  biggest 
challenge  she  faced  at  Nabisco 
was  cultural  resistance.  Fortu¬ 


nately,  the  company’s  con¬ 
troller  helped  champion  the 
methodology,  “which  made  an 
enormous  difference,”  she 
said.  At  Campbell,  there  were 
fewer  roadblocks  because 
business  and  IT  managers 
alike  “were  dying”  for  a  way  to 
simplify  IT  project  decision¬ 
making,  Wright  noted. 

Campbell  is  now  better  po¬ 
sitioned  to  evaluate  the  risks 
of  proposed  IT  projects,  ac¬ 
cording  to  Wright.  She  added 
that  portfolio  management  has 
also  helped  the  company  to 
“stop  these  stupid  little  rogue 
[IT]  projects”  that  were  taking 
place  before  she  arrived. 

Matsushita  Electric  Corpo¬ 
ration  of  America’s  Panasonic 
Co.  division  in  Secaucus,  N.J., 
is  installing  IT  portfolio  man¬ 
agement  software  developed 
by  ProSight  Inc.  in  Portland, 
Ore.  The  software  rollout  is 
designed  to  further  automate 
portfolio  techniques  that  are 
already  in  place  at  the  compa¬ 
ny,  said  Steve  Adamo,  general 
manager  of  business  systems 
development  at  Panasonic. 

Like  Wright,  Adamo  cited 
cultural  acceptance  as  the 
biggest  challenge  Panasonic 
has  faced.  But  that  hurdle 
“pales  in  comparison  to  what 


Registering 

Returns 

SIM  conference  attendees  of¬ 
fered  these  tips  for  selling  IT  portfolio 
management  to  corporate  executives; 

■  Describe  its  merits  in 
business  terms,  and  start  with 
your  chief  financial  officer  or  an¬ 
other  executive  who  can  quickly 
grasp  the  concept. 

■  Explain  how  the  approach 

can  help  business  managers 
root  out  runaway  IT  projects  or 
ones  that  aren’t  delivering  the 
expected  ROI. 


■  Establish  a  steering 
committee  of  top  business 
executives  and  the  CIO  to 
evaluate  IT  investments,  if 
one  isn't  already  in  place. 

■  Emphasize  that  portfolio 
management  techniques  can 

help  improve  cross-project  co¬ 
ordination  and  communication. 

we’re  able  to  achieve  with  our 
business  units,”  he  said.  For 
example,  Panasonic’s  IT  staff 
can  now  share  common  met¬ 
rics  with  business  managers  to 
show  whether  IT  projects  are 
on  time  and  are  delivering  the 
anticipated  ROI.  ©  42191 


SIM  PICKINGS 

Check  out  our  interview  with 
SIM  President  Ed  Trainer: 

©  QuickLink  42095 
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Wringing  Payback  Out  of  Supply 
Chain  Apps  Not  So  Easy,  Users  Say 


BY  MARC  L.  SONGINI 

ORLANDO 

IT  managers  at  a  conference 
held  here  last  week  by  i2 
Technologies  Inc.’s  user  group 
detailed  some  of 
the  ins  and  outs  of 
supply  chain  man¬ 
agement  projects, 
including  chal¬ 
lenges  in  areas 
such  as  managing  software 
changes  and  controlling  the 
scope  of  installations. 

Four  i2  users  said  in  inter¬ 
views  that  they  have  succeed¬ 
ed  at  getting  paybacks  on  their 
investments  in  the  Dallas- 
based  company’s  applications. 
But  doing  so  wasn’t  an  easy 
process,  they  cautioned. 

For  example,  ON  Semicon¬ 


ductor  Corp.  “invested  a  lot”  in 
change  management  proce¬ 
dures  and  end-user  training  as 
part  of  an  i2  rollout  that  start¬ 
ed  in  1997,  said  Ravi  Vanchees- 
waran,  manager 
of  supply  chain 
management  ser¬ 
vices,  systems  and 
processes  at  the 
Phoenix-based 
chip  maker.  “I  cannot  overstate 
the  amount  of  change  manage¬ 
ment  within  i2,”  he  added. 

The  same  applies  to  training 
supply  chain  planners  and  oth¬ 
er  workers  to  use  the  software. 
“We  were  completely  chang¬ 
ing  the  way  planning  was 
done,”  Vancheeswaran  said. 

The  software  has  helped 
ON  increase  productivity,  en¬ 


abling  the  company  to  down¬ 
size  its  supply  chain  staff  and 
improve  the  way  it  handles  in¬ 
ventory,  Vancheeswaran  said. 

Thomas  Strubel,  director  of 
supply  chain  systems  at  PSS 
World  Medical  Inc.  in  Jack¬ 
sonville,  Fla.,  said  companies 
doing  supply  chain  rollouts 
must  keep  strict  scope-control 
procedures  in  place,  even  if  it 
means  limiting  the  number  of 
features  that  systems  will  han¬ 
dle  once  they’re  installed. 

“If  we’re  going  live  in  two 
months,  you  can’t  throw  curve 
balls  outside  the  scope  [of  the 
plan],”  Strubel  said.  PSS,  a  dis¬ 
tributor  of  medical  products, 
runs  the  i2  Six  suite  of  applica¬ 
tions  and  has  seen  improve¬ 
ments  in  its  order-fill  rates  and 


customer  service  levels  since 
it  installed  the  software. 

In  an  interview  at  the  Direc¬ 
tions  2003  conference  spon¬ 
sored  by  the  Atlanta-based  i2 
User  Group,  i2  CEO  Sanjiv  Sid- 
hu  said  there  are  “misconcep¬ 
tions”  about  users’  ability  to 
achieve  ROI  on  supply  chain 
projects.  But  he  added  that  i2 
is  trying  to  make  it  “easier  and 
easier”  to  use  its  software. 

For  example,  the  company 
last  week  announced  plans  for 
an  applications  upgrade  that 
will  include  a  set  of  prebuilt 
data  workflow  processes  for 
connecting  operations  across 
various  departments  within  a 
company. 

But  for  Cindy  Cruzado, 
global  director  of  strategy  at 
Worldwide  Retail  Exchange 
LLC  in  Alexandria,  Va.,  getting 
end  users  to  agree  on  the  best 
ways  to  exploit  i2’s  applica¬ 
tions  was  a  bigger  challenge 
than  installing  the  software. 


The  exchange,  which  sup¬ 
ports  business-to-business 
collaboration  between  retail¬ 
ers  and  suppliers,  relies  on  i2’s 
procurement,  collaborative 
planning  and  content  manage¬ 
ment  software. 

The  installation  was  compli¬ 
cated  by  the  fact  that  business 
processes  differ  in  countries 
such  as,  say,  the  U.S.  and 
Japan,  Cruzado  said. 

She  added  that  to  resolve 
the  differences,  IT  staffers  had 
to  get  companies  that  are 
participants  in  the  exchange 
“to  sit  across  from  their  cus¬ 
tomers  and  talk  about  the 
challenges.”  ©  42193 

READ  MORE  ONUNE 

Sanjiv  Sidhu.  i2’s  CEO,  discusses  the 
company’s  efforts  to  increase  revenue: 
QuickLink  42163 

The  company's  i2  Six.One  software 
upgrade  is  due  for  release  in  December: 
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products.  Proventia"  centrally-managed  products  range  from  detection  up  to  completely 
unified  and  proactive  multi-function  protection  appliances,  combining  firewall,  intrusion 
prevention  and  anti-virus  technologies.  Take  control  of  your  enterprise  security.  Switch  to 
Internet  Security  Systems  today.  800-776-2362.  www.iss.net/takecontrol. 


Q 

Internet 

Security 

Systems' 


G  2003  Internet  Security  Systems,  Inc  All  rights  reserved  worldwide 


■zmam 


12  COMPUTERWORLO  October  20, 2003 


NEWS 


www.computerworld.com 


BMC  Boosts  Tools  for 
Business  ManlgemAnt 

Upgrades  problem-tracking  software, 
announces  deals  with  five  vendors 


BRIEFS 


Siebei  inks  Deal  for 
Hosted  CRM  Apps 

Siebe!  Systems  Inc.  said  it  will 
pay  $70  million  in  cash  to  buy  Up- 
Shot  Corp.,  a  Mountain  View, 
Calif.-based  vendor  of  hosted 
CRM  applications.  Siebei  said  it 
plans  to  sell  UpShot's  software 
in  addition  to  the  hosted  applica¬ 
tions  it  announced  this  month 
with  IBM  [QuickLink  41873],  al¬ 
though  the  offerings  eventually 
will  be  converged.  Siebei  has  also 
bought  the  assets  of  Motiva  Inc., 
a  Pleasanton,  Calif.-based  devel¬ 
oper  of  incentive  compensation 
management  software. 


IBM,  SAP  Profit  in 
Q3;  Siebei  in  Red 

Among  vendors  announcing  third- 
quarter  financial  results,  San  Ma¬ 
teo,  Calif.-based  Siebei  reported  a 
$59.3  million  loss  on  revenue  of 
$321.4  million.  IBM  said  it  had  a 
$1.8  billion  profit  on  $21.5  billion 
in  revenue.  IT  spending  “remains 
good,  but  not  robust,”  said  John 
Joyce,  IBM’s  chief  financial  offi¬ 
cer.  SAP  AG  reported  a  $294  mil¬ 
lion  profit  on  revenue  of  $1.93  bil¬ 
lion  and  raised  its  earnings  fore¬ 
cast  for  the  year  as  a  whole. 


Sprint  Says  GSA 
Won’t  Pursue  Ban 

Sprint  Corp.  said  it  has  been  told 
by  the  U.S.  General  Services  Ad¬ 
ministration  that  the  agency 
won’t  seek  to  bar  the  company 
from  competing  for  federal  con¬ 
tracts.  The  GSA  had  been  consid¬ 
ering  a  debarment  following  a 
billing  error  by  Sprint  on  a  con¬ 
tract  with  the  U.S.  Department 
of  Justice  [QuickLink  40494], 


Short  Takes 

MYSQL  AB  in  Uppsala,  Sweden, 
said  it’s  buying  clustering  soft¬ 
ware  for  telecommunications 
companies  and  will  add  the  tech¬ 
nology  to  its  open-source  data¬ 
base  next  year _ HEWLETT- 

PACKARD  CO.  said  CIO  Robert 
Napier  died  of  cancer  on  Oct.  13. 
Hs  was  58. 


BY  MATT  HAMBLEN 

NEW  YORK 

MC  SOFTWARE  INC. 
last  week  announced 
a  new  version  of  a  key 
IT  management  tool 
plus  partnerships  with  five 
hardware,  software  and  con¬ 
sulting  services  vendors  in  a 
bid  to  boost  the  Business  Ser¬ 
vice  Management  (BSM) 
strategy  it  announced  in  April. 

The  Service  Impact  Manag¬ 
er  2.0  software  offers  an  im¬ 
proved  Web-based  interface  to 
help  users  search  systems  for 
the  causes  of  trouble  alerts, 
said  Mary  Smars,  a  product 
manager  at  BMC  in  Houston. 

Service  Impact  Manager 
tracks  how  system  problems 
affect  business  services  and  is 
one  of  the  three  components 
of  the  BSM  approach,  which  is 
designed  to  give  IT  managers 
a  full  set  of  tools  for  linking 
computing  resources  to  busi¬ 
ness  priorities  and  controlling 
networks  from  the  device  lev¬ 
el  up  to  the  application  layer. 

During  a  press  conference, 
BMC  CEO  Bob  Beauchamp 
cited  an  example  of  a  Euro¬ 
pean  customer  who  com¬ 
plained  that  his  company 
needed  50  different  manage¬ 
ment  tools  to  operate  its  sys¬ 
tems.  Adopting  a  BSM  ap¬ 
proach  could  help  eliminate 
some  tools,  Beauchamp  said. 

“We  have  a  similar  problem, 
and  50  management  tools  is 
too  many  to  integrate  and  to 
manage.  It’s  a  challenge,”  said 
Lee  Adams,  vice  president  of 
infrastructure  services  at  Hos¬ 
pital  Corporation  of  America, 
a  Nashville-based  company 
that  operates  300  hospitals 
and  medical  clinics. 

The  health  care  provider  has 
run  Patrol  for  several  years 
and  plans  to  use  the  technol¬ 
ogy  as  a  springboard  to  create 
better  integration  between  its 
business  services  and  IT  sys¬ 


tems,  Adams  said.  But  he  will 
meet  with  vendors  of  other 
management  tools  as  well 
to  weigh  their  capabilities 
against  BMC’s. 

Centrica  PLC,  a  utility  com¬ 
pany  in  Windsor,  England,  has 
used  BMC  products  since  1997, 
although  it  also  relies  on  tools 
from  rivals  such  as  Hewlett- 
Packard  Co.  The  use  of  man¬ 
agement  tools  to  help  run  sys¬ 
tems  based  on  business  needs 
has  helped  Centrica  as  it  has 
grown  through  acquisitions, 


IT’  managers  opt 
for  multilayered, 
stronger  defenses 

BY  BOB  BREWIN 

For  some  health  care  IT  man¬ 
agers,  the  vulnerability  of  Cis¬ 
co  Systems  Inc.’s  wireless 
LAN  authentication  protocol 
to  attacks  aimed  at  discover¬ 
ing  passwords  is  reinforcing 
the  importance  of  developing 
multilayered  approaches  to  se¬ 
curing  their  networks. 

Several  users  last  week  said 
they  have  already  adopted  or 
plan  to  install  a  mix  of  WLAN 
authentication  and  encryption 
protocols  in  order  to  ensure 
that  their  companies  comply 
with  the  data  privacy  require¬ 
ments  of  the  federal  Health 
Insurance  Portability  and  Ac¬ 
countability  Act. 

Chris  Lenaghen,  a  network 
engineer  at  St.  Alphonsus  Re¬ 
gional  Medical  Center  in  Boise, 
Idaho,  said  he  views  Cisco’s 
Lightweight  Extensible  Au¬ 
thentication  Protocol  (LEAP) 
as  “a  temporary  solution”  until 
the  hospital  can  install  an  up¬ 
dated  version  of  Novell  Inc.’s 


said  Matthew  Burrows,  its 
consultant  program  manager. 
“BSM  is  not  a  specific  tool;  it’s 
a  philosophy,”  he  noted. 

BMC  said  it  has  signed 
BSM-related  partnering  deals 
with  Accenture  Ltd.,  Dell  Inc., 
EMC  Corp.,  Siebei  Systems 
Inc.  and  Symantec  Corp. 

Jean-Pierre  Garbani,  an  ana¬ 
lyst  at  Forrester  Research  Inc., 
said  BMC  “perhaps”  has  a 
slight  edge  over  HP,  Computer 
Associates  International  Inc. 
and  IBM’s  Tivoli  Software  unit 
because  of  how  comprehen¬ 
sive  its  BSM  strategy  is.  But, 
he  added,  “it  might  not  be  an 
edge  for  long.” 


Extend  Director  software. 

The  Novell  software  sup¬ 
ports  the  Lightweight  Directo¬ 
ry  Access  Protocol  (LDAP), 
which  Lenaghen  said  should 
make  it  harder  for  malicious 
hackers  to  run  so-called  dic¬ 
tionary  attacks  against  the 
hospital’s  WLAN.  St.  Alphon¬ 
sus  will  speed  up  its  move 
from  LEAP  to  LDAP  because 
of  the  Cisco  tech¬ 
nology’s  vulnera¬ 
bility,  Lenaghen 
added. 

Cisco  disclosed 
in  early  August  that 
LEAP  could  be 
compromised  by 
dictionary  attacks. 

At  a  conference  earlier  this 
month,  Joshua  Wright,  a  sys¬ 
tems  engineer  at  Johnson  & 
Wales  University  in  Provi¬ 
dence,  R.I.,  demonstrated  such 
an  attack  using  a  tool  he  devel¬ 
oped  [QuickLink  41843]. 

In  an  interview  last  week, 
Wright  said  he  plans  to  make 
the  attack  tool  publicly  avail¬ 
able  in  February. 

Gene  Gretzer,  a  senior  ana¬ 
lyst  and  project  leader  for  ac¬ 
cess  technologies  at  St.  Luke’s 


H  Fifty  management 
tools  is  too  many 
to  integrate  and  to  man¬ 
age.  It’s  a  challenge. 

LEE  ADAMS,  vice  president  of 
infrastructure  services.  Hospital 
Corporation  of  America 

HP  last  week  unveiled  a 
program  called  Business 
Service  Management  Light¬ 
house  Customer,  through 
which  select  users  will  get 
early  access  to  products  and 
potentially  help  HP  develop 
tools  for  modeling  business 
systems.  ©  42187 


Episcopal  Health  System  in 
Houston,  said  the  health  care 
provider  uses  LEAP  to  help 
secure  100  wireless  access 
point  devices  made  by  Cisco. 
But  St.  Luke’s  also  controls 
WLAN  access  through  a  data¬ 
base  of  Media  Access  Control 
(MAC)  addresses  and  use  of 
the  Advanced  Encryption 
Standard. 

Miami  Children’s  Hospital 
in  Coral  Gables,  Fla.,  has  taken 
a  layered  approach  to  WLAN 
security  as  well,  said  Alex 
Naveira,  its  chief  information 
security  officer.  In 
addition  to  LEAP, 
the  hospital  is  us¬ 
ing  MAC  address 
authentication 
and  128-bit  Secure 
Sockets  Layer  en¬ 
cryption,  he  said. 
Ron  Seide,  prod¬ 
uct  line  manager  at  Cisco’s 
wireless  business  unit,  agreed 
that  many  organizations  need 
stronger  authentication  capa¬ 
bilities  than  LEAP  provides. 

He  said  Cisco  recommends 
that  such  users  install  the  Pro¬ 
tected  Extensible  Authentica¬ 
tion  Protocol  (PEAP),  which 
relies  on  digital  certificates  to 
control  network  access.  PEAP 
was  co-developed  by  Cisco, 
Microsoft  Corp.  and  RSA  Se¬ 
curity  Inc.  ©  42192 


Hospitals  Back  Off  Cisco 
LEAP  Security  for  WLANs 


ON  THE  ATTACK 

The  author  of  a  tool  for  crack¬ 
ing  LEAP-protected  WLANs 
says  users  should  be  aware  of 
the  risks  of  using  the  protocol: 

©  QuickLink  42186 
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Cybersecurity 

the  deployment  of  CIDDAC 
sensors  “very  positively”  from 
an  underwriting  standpoint. 

“We  are  prepared  to  offer 
lower  rates  to  those  compa¬ 
nies  that,  in  addition  to  other 
industry-standard  security 
protocols,  deploy  the  CIDDAC 
sensing  technology,”  Parisi 
said.  “We  recognize  that  com¬ 
panies  that  add  the  additional 
layer  of  security  provided  by 
CIDDAC  are  at  less  risk  of  suf¬ 
fering  costly  network-security 
breaches.” 

The  goal  is  to  deploy  what 
CIDDAC  calls  Real-time  Cyber 
Attack  Detection  Sensors,  or 
RCADS,  throughout  as  many 
U.S.  companies  as  possible  — 
and  eventually  the  world  — 
and  feed  incident  data  to  a  cen¬ 
trally  managed  operations  fa¬ 
cility  at  the  University  of  Penn¬ 
sylvania  in  Philadelphia. 

Although  it  has  maintained 
a  low  profile  to  date,  CIDDAC 
is  the  result  of  a  volunteer  ef¬ 
fort  by  various  private-sector 


CIDDAC 

Steering 

Committee 

■  AdminForce  LLC 

■  Air  Products  and  Chemicals 

■  U.S.  Department  of  Justice 

■  Electric  Power 
Research  Institute 

*  General  Motors 
Acceptance  Corp. 

*  Harvey  &  Mortensen 
Attorneys  at  Law 

» Independence  Blue  Cross 

*  Liberty  Bell  Bank 

a  Lockheed  Martin  Corp. 

*  NetForensics  Inc. 

*  Pennsylvania  State  Attorney 
General’s  Office 

»  Temple  University 

«  University  of  Pennsylvania's 
Institute  for  Strategic  Threat 
Analysis  &  Response 

*  U.S.  Attorney  for  the  Eastern 
District  of  Pennsylvania 


IT  companies  and  other  firms, 
along  with  the  Philadelphia 
InfraGard  chapter.  InfraGard 
is  an  FBI-sponsored  program 
designed  to  help  companies  in 
the  private  sector  share  secu¬ 
rity  information  with  one  an¬ 
other  and  the  government. 

The  consortium  has  devel¬ 
oped  what  it  claims  is  a  tech¬ 
nical  solution  to  the  private 
sector’s  primary  concern 
about  information  sharing: 
government  access  to  propri¬ 
etary  data.  “We  have  a  way  to 
gather  the  appropriate  infor¬ 
mation  on  cyberattacks  and 
security  incidents  without  dig¬ 
ging  through  production  data,” 
said  Charles  “Buck”  Fleming, 
acting  executive  director  of 
CIDDAC  and  CEO  of  Admin- 
Force  LLC  in  Boulder,  Colo. 

CIDDAC  is  operating  a 
prototype  monitoring  and 
operations  center  at  facilities 
owned  by  AdminForce. 

“The  RCADS  sits  outside  of 
a  company’s  production  net¬ 
work  and  looks  like  another 
computer  on  the  network,” 
Fleming  said.  “It  then  identi¬ 
fies  security  incidents  and 
profiles  the  attack  signature 
without  the  company  having 
to  worry  about  the  govern¬ 
ment  looking  inside  their  in¬ 
ternal  network.” 

The  concern  about  govern¬ 
ment  having  access  to  data  re¬ 
mains  a  serious  impediment  to 
information  sharing  between 
it  and  the  private  sector,  which 
owns  and  operates  more  than 
85%  of  the  nation’s  critical  in¬ 
frastructures. 

In  fact,  more  than  a  dozen 
CIOs  from  the  electric  and 
natural  gas  industries  who  at¬ 
tended  an  executive  confer¬ 
ence  last  week  in  Tampa  said 
their  companies  don’t  belong 
to  a  formal  government-spon¬ 
sored  information-sharing  and 
analysis  center,  primarily  be¬ 
cause  of  fears  that  proprietary 
data  wouldn’t  be  protected. 

“There  has  to  be  private- 
sector  control  [of  the  data]  if 
the  answer  to  the  information¬ 
sharing  problem  is  going  to  be 
found,”  said  Fleming. 

Although  the  DHS  recently 
announced  plans  to  build  its 
own  Real-Time  Cyber  Situa¬ 
tion  Awareness  System  that 
would  initially  monitor  gov¬ 


ernment  networks  in  real 
time,  Fleming  said  it’s  based 
on  a  “faulty,  weak  legacy.” 

“The  proposed  DFIS  solu¬ 
tion  center  will  deal  with  pro¬ 
duction  data  initially  generat¬ 
ed  by  government  activities,” 
Fleming  wrote  in  a  letter  to 
CIDDAC  members.  “The  plan 
is  to  lead  by  government  ex¬ 
ample  and  have  the  private 
sector  join  with  their  data 
contributing  down  the  road. 
There  is  no  chance  of  this 
happening. . . .  The  continuing 
failure  of  DHS  to  understand 
these  basic  [privacy]  require¬ 
ments  is  distressing.” 

The  DHS  didn’t  return  calls 
seeking  comment. 

Alan  Paller,  director  of  re¬ 


search  at  the  SANS  Institute, 
said  RCADS  is  a  great  idea, 
but  he  called  Fleming’s  “at¬ 
tack”  on  the  DHS  proposal  off- 
base.  Rather  than  competing 
with  each  other,  the  DHS  — 
whose  system  will  feed  data  to 
the  CERT  Coordination  Cen¬ 
ter  at  Carnegie  Mellon  Uni¬ 
versity  —  and  CIDDAC  need 
to  work  together,  he  said. 

Paller  explained  that  both 
systems  will  be  part  of  a  much 
larger  array  of  similar  systems 
that  will  collect  enough  data 
to  pick  up  early  indications  of 
massive  worm  outbreaks  and 
possibly  coordinated  attacks 
on  infrastructures. 

“More  of  these  networks 
means  more  watchfulness  and 


Oracle  Adds  ID  Security 
To  Database,  App  Server 


BY  JAIKUMAR  VIJAYAN 

Tapping  into  growing  demand 
for  identity  management  tech¬ 
nologies,  Oracle  Corp.  last 
week  announced  software 
components  for  more  secure 
management  of  user  access 
to  Web  and  client/server 
applications. 

Oracle’s  new  Identity  Man¬ 
agement  software  is  intended 
to  help  companies  create  user 
identity  profiles  and  security 
services  for  single  sign-on 
access  to  Oracle  applications. 
Oracle  plans  to  extend  those 
services  to  third-party  appli¬ 
cations,  but  company  officials 
didn’t  specify  a  time  frame. 

The  software,  which  is  inte¬ 
grated  with  Oracle’s  database 
and  application  server  prod¬ 
ucts,  supports  user  provision¬ 
ing  services  for  automatically 
creating,  managing  and  revok¬ 
ing  user  accounts. 

Such  capabilities  are  crucial 
for  reducing  the  complexity 
and  costs  associated  with 
managing  user  identities 
across  many  applications,  said 
Peter  Moser,  a  project  manag¬ 
er  at  Swisscom  IT  Services,  a 
telecommunications  provider 
in  Bern,  Switzerland. 

Moser’s  group  used  a  beta 
version  of  Oracle’s  Identity 
Management  product  in  a 
massive  portal  project  for 


NEW  PRODUCT 


LDAP  directory  services 
for  storing  and  mana  ng 
usei  ^entities  and  access 
privileges 

Web  single  sign-on 

Auton  ted  use  provisioning 

Directory  integration  service 
to  tie  Oracle’s  Identity 
Management  software  with 
existing  corporate  di 
technology 


Swisscom’s  enterprise  ser¬ 
vices  group.  The  group  is  con¬ 
solidating  four  portals  into 
one  site  that  can  be  accessed 
by  more  than  18,000  internal 
users  and  50,000  external 
users.  Using  the  Oracle  tech¬ 
nology,  Swisscom  built  a  cen¬ 
tral  identity  repository  for  en¬ 
abling  single  sign-on  to  all  the 
applications  that  can  be  ac¬ 
cessed  via  the  portal,  Moser 
said. 

“Oracle  is  very  much  on  the 
right  track  with  this.  I  hope 
they  continue  in  this  direc¬ 
tion,”  Moser  said. 

But  there  are  some  caveats, 
said  Chris  Christiansen,  an  an¬ 
alyst  at  IDC  in  Framingham, 


more  data,”  he  said. 

Special  Agent  John  Ches- 
son,  the  FBI’s  Philadelphia 
InfraGard  coordinator,  said 
CIDDAC  addresses  the  private 
sector’s  need  for  a  computer- 
intrusion  and  automated  inci¬ 
dent  reporting  system  that 
manages  data  in  a  “privacy- 
sensitive”  manner. 

“The  initial  hope  was  that 
InfraGard  would  serve  as  a 
two-way  communications 
[hub]  between  private  indus¬ 
try  and  the  government,” 
said  Chesson.  However,  “the 
information  sharing  has  been 
mostly  one  way,”  in  the  form 
of  DHS  reports  being  sent 
to  InfraGard  chapters,  Ches¬ 
son  said.  0  42188 


Mass.  For  instance,  Oracle’s 
initial  version  of  the  software 
works  only  in  an  all-Oracle  ap¬ 
plication  environment,  he 
said.  The  integration  of  the 
identity  management  func¬ 
tionality  into  Oracle’s  data¬ 
base  product  also  means  secu¬ 
rity  administrators  may  need 
to  acquire  some  new  skills, 
Christiansen  said.  “Users  have 
to  be  careful  to  what  degree 
they  buy  into  the  Oracle  solu¬ 
tion,”  he  added.  “In  some  re¬ 
spects,  it  requires  IT  security 
people  to  gain  database  ad¬ 
ministration  skills.” 

Oracle  is  only  one  of  a  num¬ 
ber  of  vendors  responding  to 
user  demand  for  identity  man¬ 
agement  technologies. 

Just  last  week,  for  instance, 
BEA  Systems  Inc.  in  San  Jose 
rolled  out  identity  manage¬ 
ment  software  designed  to  let 
companies  enable  single  sign- 
on  across  both  Web  and  lega¬ 
cy  applications. 

The  Burlington  Northern 
and  Santa  Fe  Railway  Co.  in 
Fort  Worth,  Texas,  is  using 
identity  management  software 
from  Waveset  Technologies 
Inc.  in  Austin  to  provision 
application  access  to  nearly 
100,000  user  accounts. 

The  software  has  allowed 
the  company  to  cut  in  half  the 
time  it  takes  to  create  new 
user  accounts  and  remove 
ones  no  longer  in  use,  said 
Rick  Perry,  director  of  enter¬ 
prise  security  at  Burlington 
Northern  Santa  Fe.  O  42177 
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Office  System 

Whether  the  Office  System 
approach  will  resonate  with 
the  majority  of  Microsoft’s 
corporate  customers,  who  are 
accustomed  to  a  more  lean  Of¬ 
fice  upgrade,  is  unclear.  A  col¬ 
lection  of  early  adopters  and 
companies  that  are  plotting 
migrations  have  expressed  en¬ 
thusiasm  about  the  upgrade, 
particularly  the  more  tightly 
integrated  SharePoint  Services 
that  will  enable  collaboration 
on  documents  and  projects. 

Among  them  is  Hawaiian 
Electric  Co.  in  Honolulu.  “The 
variety  of  collaboration  tools 
has  the  possibility  of  trans¬ 
forming  some  of  our  business 
practices,”  said  Les  McCarter, 
director  of  IT  infrastructure 
and  operations. 

But  other  companies  said 
they  have  yet  to  do  a  careful 
study  of  the  new  Office  Sys¬ 
tem.  Bill  Lewkowski,  CIO  at 
Metropolitan  Health  Corp.  in 
Grand  Rapids,  Mich.,  for  one, 
said  he  doesn’t  have  a  clear 
understanding  of  it  and  it’s  be¬ 
coming  “very  confusing.” 

“We  need  to  take  our  time 


to  determine  if  the  sharing 
and  collaborative  features  are 
worth  the  effort  to  purchase, 
install  and  manage,”  he  said. 
“This  is  bringing  extra  com¬ 
plexity  into  our  environment, 
when  we  need  to  be  focusing 
our  efforts  on  our  business  ap¬ 
plications  and  processes.” 

Lewkowski  said  his  compa¬ 
ny  currently  uses  Office  2000 
and  doesn’t  require  many  of 
the  upgrade’s  new  features.  He 
added  that  he  doesn’t  want  to 
get  into  a  cycle  of  purchasing 
Office  every  two  years  and 
having  to  buy  client-access  li¬ 
censes  for  new  server-based 
services. 

Zeke  Duge,  CIO  at  Smart  & 
Final  Stores  Corp.  in  Com¬ 
merce,  Calif.,  said  Microsoft’s 
Office  System  strategy  ap¬ 
pears  to  be  an  attempt  to 
“combat  the  presence  of  com¬ 
peting  solutions  by  wrapping 
up  the  customer  so  that  best- 
of-breed  solutions  are  not  vi¬ 
able.”  Yet  Duge  said  his  com¬ 
pany  will  probably  “be  forced” 
to  upgrade  next  year  from  Of¬ 
fice  2000.  Smart  &  Final  wants 
to  take  advantage  of  Office 
System  2003’s  XML  support, 
Duge  said,  since  the  company 
uses  XML  for  data  interchange 


through  messaging  software 
from  Tibco  Software  Inc.  in 
Palo  Alto,  Calif. 

Mike  Silver,  an  analyst  at 
Gartner  Inc.  in  Stamford, 
Conn.,  said  he  doubts  that  Of¬ 
fice  2003  will  have  a  10%  in¬ 
stalled  base  before  2005.  He 
said  the  product  requires  con¬ 
siderable  testing  with  third- 
party  applications,  macros  and 
databases,  adding  that  Micro¬ 
soft  has  done  a  poor  job  of 
helping  companies  understand 
what  they  need  to  test  for  and 
what  kinds  of  macros  and 
functions  are  affected  by  the 
upgrade. 

Mike  Gotta,  an  analyst  at 
Meta  Group  Inc.,  also  in  Stam¬ 
ford,  predicted  that  about  30% 
of  corporations  will  migrate  to 
Office  2003  in  the  next  two 
years,  and  15%  to  20%  of  cor¬ 
porations  will  reject  it  out¬ 
right.  There  will  be  a  dogfight 
among  the  rest,  he  said. 

“It’s  a  big  decision,”  Gotta 
said,  adding  that  a  company’s 
architecture  group  must  get 
involved  if  it’s  considering  Of¬ 
fice  System  as  opposed  to  the 
“classic”  Office. 

The  primary  reason  why 
Hawaiian  Electric  plans  to  mi¬ 
grate  from  Office  2000  to  Of- 


Microsoft  Office 
System  2003 

Core  Programs:  Word,  Excel, 
Outlook,  PowerPoint,  Access, 
FrontPage,  OneNote,  Publisher, 
Project,  Visio,  InfoPath 

Servers:  Exchange  Server,  Project 
Server,  SharePoint  Portal  Server, 
Live  Communications  Server 

Services:  Live  Meeting 

Solution  Accelerators  (sold 
through  partners):  Available 
now  for  Recruiting.  Also  expected 
for  Sarbanes-Oxley,  XBRL,  Busi¬ 
ness  Scorecards,  Excel  Report¬ 
ing.,  Six  Sigma  and  Proposals. 


fice  2003  in  the  first  quarter  of 
next  year  is  that  it  skipped  the 
Windows  XP  edition.  “We 
don’t  want  to  get  too  far  behind 
on  the  upgrades  because  of  se¬ 
curity  issues,”  said  McCarter. 

But  he  said  the  migration 
will  be  worth  the  effort  be¬ 
cause  of  the  bonus  the  com¬ 
pany  will  get  with  the  better- 
integrated  SharePoint  Ser¬ 
vices.  He  said  employees  now 
drop  information  into  file 
shares,  where  files  tend  to 
hang  indefinitely.  With  the 
new  Office  and  SharePoint, 


REI  uses  software  from  Ap¬ 
prentice  Systems  Inc.  in  conjunc-  • 
tion  with  Microsoft’s  Visio  dia¬ 
gramming  tool,  which  is  part  of 
the  Office  System,  to  map  out 
the  process  of  creating  a  prod-  • 
uct,  such  as  a  backpack.  The 
work  is  then  passed  to  Micro¬ 
soft’s  Project  Professional  client,  ; 
resources  are  assigned  and  the  * 
project  is  published  to  Project 
Server,  Myette  said. 

Two  more  linked  Office  Sys¬ 
tem  components,  Outlook  and 
Exchange  Server,  then  kick  in,  al-  ; 
lowing  employees  to  view  their 
tasks  as  items  in  Outlook;  Win¬ 
dows  SharePoint  Services  will 
assist  with  document  manage¬ 
ment  and  collaboration,  Myette 
said.  The  XML  support  in  new 
versions  of  Word  and  Excel  and 
the  XML-based  forms  that  come 
with  the  Office  System’s  new  In¬ 
foPath  component  will  also  help 
with  the  management  of  data 
around  projects,  he  added. 


Early  Office  2003  Adopters  Applaud 
Project,  Document  Management  Upgrades 


Project  and  document  manage¬ 
ment  improvements  to  core  com¬ 
ponents  of  Office  System  2003 
were  the  allure  that  compelled 
Continental  Airlines  Inc.  and 
Recreational  Equipment  Inc. 

(REI)  to  sign  up  for  Microsoft 
Corp.’s  Rapid  Adoption  Program. 

One  hundred  employees  in  the 
enterprise  program  office  at  Con¬ 
tinental  had  been  using  Micro¬ 
soft’s  Project  Server  for  the  pre¬ 
vious  15  months,  but  the  airline 
had  qualms  about  rolling  the 
product  out  companywide  to 
5,000  employees,  according  to 
Biake  Burke,  managing  director 
of  technology  for  Houston-based 
Continental. 

Burke  said  the  scalability  was 
suspect  and  the  response  time 
was  slow  for  remote  users  con¬ 


necting  via  dial-up  or  VPN,  so  the 
company  considered  alternative 
products.  But  Continental  elected 
to  stick  with  Microsoft  once  it 
learned  that  the  software  maker 
was  addressing  those  issues  in 
the  new  version  of  Project  Server 
that’s  part  of  Office  System  2003. 

The  airline’s  IT  department 
has  since  noted  other  improve¬ 
ments  while  testing  a  beta  ver¬ 
sion  of  Project  Server  2003. 

Most  notably,  Continental  can 
now  associate  an  employee,  or  a 
named  resource,  with  a  specific 
task,  such  as  building  a  server, 
Burke  said. 

That  will  ultimately  allow  the  IT 
department  and  other  parts  of 
the  company  to  better  manage 
its  resources.  For  instance,  the 
company  can  associate  a  specif¬ 


ic  skill  set,  such  as  C++  program-  .* 
ming  skills,  with  a  named  re¬ 
source,  Burke  noted. 

“This  product  allows  us  to  put 
the  emphasis  on  the  right  side  of 
the  influence  curve,  so  we're 
now  proactive  rather  than  reac¬ 
tive  as  it  relates  to  the  deploy¬ 
ment  of  resources,  people  and 
assets,"  Burke  said, 

Kevin  Myette,  director  of  busi¬ 
ness  operations  at  REI,  said  his 
company  expects  to  be  able  to 
take  on  more  projects  and  exe-  > 
cute  them  with  greater  consisten-  : 
cy  as  a  result  of  its  use  of  a  collec¬ 
tion  of  Office  System  products. 

The  Kent,  Wash.-based  retailer 
oversees  the  creation  of  more 
than  1,100  REI-branded  products 
and  typically  takes  on  about  600 
projects  per  year,  he  said. 


users  can  save  files  to  a  com¬ 
mon  workgroup  site  with  no 
extra  effort,  McCarter  said. 

Steve  Sommer,  the  CIO  at 
Hughes  Hubbard  &  Reed  LLP, 
a  law  firm  in  New  York,  said  he 
used  to  view  Office  as  “a  bunch 
of  integrated  programs  that 
worked  together  quite  well.” 

He  now  sees  Office  as  an  inte¬ 
grated  product  that  his  firm 
will  couple  with  integrated 
servers  and  other  applications. 

Of  particular  interest  to 
Sommer  are  the  SharePoint 
Services;  information  rights 
management  for  controlling 
access  to  documents;  and 
InfoPath,  a  new  product  that 
lets  users  create  XML-based 
forms  and  submit  them  to 
XML-enabled  systems. 

“I  am  probably  not  going  to 
love  the  related  training  and 
administration  that  might  be 
the  excess  baggage  that  comes 
with  such  a  feature-laden 
product,”  Sommer  said.  He 
also  expressed  concern  that 
“there  might  be  more  bugs 
than  usual.” 

“The  product  could  be  a 
great  leap  forward ...  or  a 
great  ball  of  confusion,”  he 
said.  “They  need  to  stay  on  top 
of  this  from  Day  1.”  O  42202 


InfoPath  was  the  most  impor¬ 
tant  new  Office  System  addition 
for  Digitas  LLC,  a  Boston-based 
marketing  agency,  according  to 
Erik  Dubovik,  vice  president  and 
director  of  IT. 

Digitas  employees  had  been 
filling  out  Microsoft  Word  tem¬ 
plates  and  mailing  them  or  hand¬ 
delivering  them  to  the  finance 
department  to  start  up  a  new 
business  project  -  the  first  step 
to  enable  them  to  bill  time  and 
materials  to  a  client. 

Dubovik  said  it  was  relatively 
simple,  with  assistance  from  a 
systems  integrator,  to  convert 
the  Word  template  to  an  XML- 
based  InfoPath  template.  The 
data  can  now  flow  to  other  XML- 
enabled  systems,  such  as  the 
company’s  ERP  and  professional 
services  automation  systems. 

“I  tell  people  it’s  Microsoft 
Word  templates  on  steroids," 
Dubovik  said. 

-  Carol  Sliwa 
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EMC  Adds  Content  Tools  to  Storage  Product  Line 


Expands  its  software 
offerings  by  agreeing 
to  buy  Documentum 

BY  TODD  R.  WEISS 

EMC  Corp.  last  week  announced  an 
agreement  to  buy  content  management 
software  vendor  Documentum  Inc., 
saying  that  the  acquisition  will  make  it 
easier  for  users  of  EMC’s  storage  de¬ 
vices  to  manage  electronic  documents 
and  other  forms  of  unstructured  data. 

The  planned  purchase  of  Pleasanton, 
Calif.-based  Documentum  is  EMC’s 
second  major  acquisition  since  July, 
when  it  agreed  to  buy  storage  manage¬ 
ment  tools  vendor  Legato  Systems  Inc. 
[QuickLink  39749].  The  two  moves  are 
key  parts  of  a  plan  by  EMC  to  offer  an 
integrated  set  of  tools  for  managing 


data  throughout  its  life  cycle. 

Robert  Terdeman,  chief  technical  of¬ 
ficer  at  Rogers  Medical  Intelligence 
Solutions  in  New  York,  uses  EMC’s 
Centera  fixed-data  disk  array  with 
Documentum’s  software  and  said  he 
“can’t  see  any  downside  at  all”  to  the 
planned  acquisition.  The  combination 
should  give  Documentum  broader  ap¬ 
peal  among  corporate  users,  he  said. 

“It  also  repositions  EMC  into  the  world 
of  really  managing  information,  as  op¬ 
posed  to  managing  data,”  he  noted. 

The  deal  was  also  welcome  news  to 
Lev  Gonick,  CIO  at  Case  Western  Re¬ 
serve  University  in  Cleveland.  Case 
Western  now  will  be  able  to  tightly  in¬ 
tegrate  its  EMC  storage  hardware  with 
content  management  tools  if  it  decides 
to  install  the  latter  technology,  he  said. 

“We  certainly  have  flirted  with  using 
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Documentum  Overview 


■  PRODUCTS:  Software  that  automates 
the  management  of  documents,  records, 
Web  content  and  digital  assets 

I SBBBBBi 

■  REVENUE:  $135.2 1 
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Documentum,”  Gonick  said.  “We’re  all 
the  more  interested  now.  It’s  the  kind 
of  thing  we’ve  been  asking  EMC  for.” 
He  added  that  there  previously  was  “a 
significant  disconnect”  between  prod¬ 
ucts  like  the  ones  from  Documentum 
and  the  EMC-built  Clariion  disk  arrays 
and  Celerra  file  servers  that  Case 
Western  uses. 

Hopkinton,  Mass.-based  EMC  didn’t 
disclose  specific  product-integration 
plans  but  said  the  acquisition,  a  stock- 
swap  deal  valued  at  about  $1.7  billion 


at  current  prices,  will  let  it  incorporate 
Documentum’s  tools  with  arrays  other 
than  Centera  plus  its  data  protection 
and  storage  management  software. 

Peter  O’Kelly,  an  analyst  at  Patricia 
Seybold  Group  Inc.  in  Boston,  said  the 
deal  could  make  it  easier  for  IT  man¬ 
agers  to  address  problems  in  organiz¬ 
ing  data  and  making  it  available  to  end 
users.  It  also  “significantly  changes  the 
competitive  landscape  for  enterprise 
content  management,”  he  said. 

The  acquisition  is  due  to  be  com¬ 
pleted  early  next  year.  Mark  Lewis, 
vice  president  of  EMC’s  open  software 
operations,  said  Documentum  will  be¬ 
come  a  division  of  EMC  and  continue 
to  be  run  by  its  current  management. 
EMC  promised  that  Documentum’s 
software  will  continue  to  be  sold  for 
use  with  rival  storage  systems  and  that 
its  application  programming  interfaces 
will  remain  open.  “Our  objective  is  to 
sell  value-added  layers  . . .  not  to  lock 
those  layers  together  so  the  customer 
has  no  choice,”  Lewis  said.  ©  42145 


Citrix  CEO  Discusses  Linux,  Licensing 

BY  DON  TENNANT 

Application  access  software  vendor  Citrix 
Systems  Inc.  held  its  iForum  user  confer¬ 
ence  in  Orlando  last  week.  In  an  interview 
with  Computerworld,  Citrix  CEO  Mark 
Templeton  discussed  his  Linux  strategy  and 
the  Fort  Lauderdale,  Fla.,  company’s  at¬ 
tempt  to  respond  to  users’ concerns  about 
its  licensing  schemes.  Excerpts  follow: 


Citrix  has  been  joined  at  the  hip  with  Micro 
soft  for  well  over  a  decade.  Given  that  Mi¬ 
crosoft  sees  Linux  as  a  competitive 
threat,  do  you  see  Linux  as  a  threat 
or  an  opportunity?  Neither.  We 
see  it  as  just  another  part  of  the 
application  infrastructure  com¬ 
plexity  that  customers  deal 
with.  Our  role  is  to  make  sure 
we  stay  focused  on  our  goal  to 
provide  customers  with  a  suite 
of  products  that  allow  them  to 
deal  with  that  complexity. 

What  are  the  prospects  that  Citrix  will  offer 
a  MetaFrame  Presentation  Server  for  Lin¬ 
ux?  It’s  possible.  We  already  offer  a 
MetaFrame  Presentation  Server  for 
other  variations  of  Unix  —  Solaris, 

AIX  and  HP-UX.  So  from  a  technical 
perspective,  there’s  no  obstacle  in  any 
way,  shape  or  form  there. 

Is  Microsoft  an  obstacle?  They’re  not,  be¬ 
cause  this  is  about  doing  what  cus¬ 
tomers  need  for  access.  What  cus¬ 
tomers  need  really  drives  what  we 


build.  But  the  fact  of  the  matter  is  there 
aren’t  any  widely  accepted  applica¬ 
tions  at  the  user  tier  where  applica¬ 
tions  are  accessed  that  are  built  on  Lin¬ 
ux.  And  there  are  very  few  on  Unix 
anymore. 

At  last  year’s  iForum,  you  told  us  that  Cy¬ 
rix’s  licensing  was  too  complicated,  that  the 
company  was  working  on  technology  to 
solve  the  problem,  and  that  you  would  pre¬ 
sent  the  technology  to  users  in  about  a  year 
[QuickLink  34266].  How’s  it  com¬ 
ing?  The  technology-based  ap¬ 
proach  that  I  promised,  we 
demonstrated  yesterday  morn¬ 
ing.  We  demonstrated  an  access 
suite  licensing  service  that  we’ll 
release  next  year.  The  licensing 
service  basically  allows  IT  to 
have  one  place  to  go  to  see  all 
of  the  licenses  that  they  own, 
where  they  are  and  their  utiliza¬ 
tion.  They  can  optimize  the  utilization 
of  licenses  so  they  can  buy  more  when 
they  need  more,  not  when  they  guess 
they  need  more. 

You  said  it  would  be  ready  next  year.  Can 
you  nail  that  down  at  all?  I  can’t  right 
now.  I’ve  got  all  kinds  of  guys  on  my 
butt  that  tell  me  I  can’t  say.  ©  42144 

MORE  ONLINE 

To  read  the  full  interview  with  Templeton,  visit  our  Web  site: 

O  QuickLink  42140 
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She  said  that  up  to  half  of  all 
services  contracts  aren’t  con¬ 
trolled  by  procurement  de¬ 
partments  and  that  about  25% 
of  companies  have  no  formal 
procedures  for  buying  services. 

Elance  SPM  4  runs  on  Sun 


Solaris  servers  and  is  available 
as  a  product  or  a  managed  ser¬ 
vice,  with  prices  starting  at 
$500,000.  Elance  competes 
with  Ariba  Inc.,  PeopleSoft 
Inc.  and  several  small  vendors, 
Degnan  said.  O  41995 


Elance  Upgrades  Procurement  Software 


BY  MATT  HAMBLEN 

Elance  Inc.  last  week  launched 
an  upgrade  of  its  services  pro¬ 
curement  and  management 
software,  adding  bill-of-ser- 
vices  functionality  that  it  said 
can  provide  users  with  more 
detailed  information  about 
contract  costs  and  service- 
level  agreements. 

The  Elance  SPM  4  software 
is  designed  to  automate  and 
streamline  the  purchasing  of 
services  ranging  from  consult¬ 
ing  help  to  office  cleaning  and 
maintenance,  said  Diana  Jovin, 
vice  president  of  marketing  at 
Elance  in  Sunnyvale,  Calif. 

Motorola  Inc.  installed 
Elance  SPM  4  last  month  as 
an  early  adopter.  Dennis  Neu¬ 
mann,  director  of  indirect 
e-procurement  at  Motorola, 
said  the  software  will  be  used 
by  some  of  the  20,000  workers 
who  are  authorized  to  buy  ser¬ 
vices  for  the  company. 

Until  now,  Motorola’s  busi¬ 
ness  units  purchased  services 
separately,  without  a  compa¬ 
nywide  view  of  contract  infor¬ 
mation,  Neumann  said.  That 
meant  a  cleaning  contractor 
could  have  multiple  agree¬ 
ments  with  different  divisions 
all  paying  different  rates.  “It’s 
to  the  benefit  of  the  vendors 
to  divide  and  conquer,”  Neu¬ 
mann  noted.  But  with  Elance 
SPM  4,  Motorola’s  buyers  can 
quickly  find  out  if  corporate 
or  regional  contracts  have 
been  negotiated,  he  said. 

Breakdowns 

The  software  also  provides 
details  about  contracts  beyond 
their  overall  cost,  he  said.  For 
example,  it  can  tell  end  users 
the  percentage  of  a  consulting 
contract  that  went  toward  la¬ 
bor  costs  as  opposed  to  other 
expenses,  such  as  travel. 

Neumann  said  the  software 
could  help  Motorola  reduce 
the  cost  of  services  contracts 
by  10%  to  20%.  It  takes  about 
two  hours  to  train  a  procure¬ 
ment  manager  to  use  Elance’s 
tools,  he  said. 

Adopting  the  software  rep¬ 
resents  a  “culture  change,”  he 
added.  “It’s  a  big  challenge  to 
get  used  to  understanding  it 


and  using  a  lot  of  the  benefits.” 

The  savings  from  using  ser¬ 
vices  procurement  software 
can  total  as  much  as  30%  be¬ 


cause  such  contracts  are  typi¬ 
cally  “so  poorly  managed,” 
said  Christa  Degnan,  an  ana¬ 
lyst  at  Aberdeen  Group  Inc. 


Out-of-the-Box 
Best  Practices 


Outside-the-Box 

Thinking 


Your  Business,  Your  Way. 

You  want  to  think  outside  the  box. 
Your  budget  calls  for"out  of  the  box” 
Don’t  you  wish  you  could  have  both? 


...  -  r 

Now  more  than  ever  you  need  to  control  costs.  Software  solutions  implemented  straight  out  of  the  box  may  appear  rlvc.rper.antl;  V.  y 
raster  to  implement.  I  lie  problem  is.  with  rigid  applications  dictating  how  you  run  your  business,  your  teaiiis  risk, being  {pipped,  : 

inside  the  box.  .  “  i 

What  it  you  found  Service  Management  solutions  that  delis ei  industry  best  practices  like  I  I  II  —  and  also  empower  so'u.to  'yvV'c'/fjlic'c/ 
implement  the  unique  processes  that  maximise  the  value  of  your  1  I  and  servii  e  support  organisations?  With  Remedy,  you.  have  it  alt  ..«/ 

Reined,  s  Service  Management  software  solutions,  including  I  lelp  I  >esk.  C  distomer  Support.  Asset  Management,  iui.fl  C’.HilSgtf’.  ’s’fejfpy 
Management.  deliver  out  of  the  box.  and  outside  the  hox-quickly,  easily,  within  your  budget.  .  ,i  ■  •••  ; 


inside  the  box. 


www.remedy.com/advantage 
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As  of  today,  security  is  not  just  about  what  you  can 


Start  with  Intrusion  Prevention  Solutions  from  McAfee  Security®  and  dis¬ 
cover  how  to  go  beyond  merely  detecting  threats  to  preventing  them  Altogether 
With  McAfee  System  Protection  and  Network  Protection  Solutions;  your 
business  is  completely  protected — from  the  core  to  the  edge  of  your  network, 
including  servers  and  desktops. 


It's  about  what  you  can 


Start  building  productivity  faster.  Knowing  your  network  and  systems  are 
safe  from  both  known  and  unknown  threats,  you'll  be  free  to  focus  on  bigger 
picture  issues,  like  maximizing  the  ROI  of  your  technology  investment. 


Start  saying  yes  to  users  more.  Users  want  full  Internet  access,  they  want 
laptops,  they  want  PDAs,  they  want  wireless,  and  they  don't  want  to  hear  about 
how  security  concerns  outweigh  their  needs.  Now  they  don't  have  to.  Because 
with  McAfee  Security  you  can  start  giving  them  the  technologies  they  need 
without  giving  up  the  security  your  enterprise  demands. 
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Start  growing  securely.  When  you're  secure  you  can  start  thinking  more 
about  how  ideas  spread  and  less  about  how  network  threats  spread.  You  can 
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Start  today  at  start.mcafeesecurity.com 
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Network  Associates' 


Network  Associates  and  McAfee  Security  are  registered  trademarks  or  trademarks  of  Network  Associates* >nB;-afKB8t-ifeit3aMI 
affiliates  in  the  US  and/or  other  countries  All  other  registered  and  unregistered  trademarks  herein  are  the  sole 
of  their  respective  owners  ©  2003  Networks  Associates  Technology  Inc  All  Rights  Reserved  >  '  ;•  :i  .  >'■  ’< 
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MARYFRAN  JOHNSON 


PIMM  FOX 


Ethics  and  Influence 


HOW  US  YOUR  ETHICS,  or  we’ll  show  you 
the  door.  Earn  back  our  trust  in  your  objec¬ 
tivity.  Prove  the  value  of  your  research  to 
our  businesses  today. 


Those  were  the  core 
messages  that  some  of 
you  delivered  to  IT  mar¬ 
ket  research  firms  in 
Computerworld’ s  user 
survey  on  the  ethics  and 
disclosure  policies  of  IT 
research  firms  [Quick- 
Link  42031].  A  substantial 
87%  of  133  senior  IT  man¬ 
agers  we  surveyed  said 
yes,  they  have  questioned 
the  statistical  value  or  in¬ 
tegrity  of  market  research. 

The  same  percentage  said  yes,  they 
want  “published,  clearly  stated 
ethics  policies  governing  the  ven¬ 
dor/client  relationships”  from  ana¬ 
lyst  firms  such  as  Aberdeen  Group, 
AMR  Research,  Forrester  Research, 
Gartner,  IDC  and  Meta  Group. 

IT  executives  are  issuing  a  clear 
message.  They  want  greater  disclo¬ 
sure  about  the  financial  relation¬ 
ships  between  vendors  and  market 
researchers.  “Like  any  other  compa¬ 
nies,  I  understand  that  [IT  research 
firms]  have  to  go  after  different 
sources  of  funding,”  said  Cathy 
Brune,  CTO  at  Allstate  Insurance. 
“But  they  need  to  be  honest  about 
saying  who  pays  for  the  research.” 

To  their  credit,  both  Forrester  and 
Aberdeen  responded  to  criticisms 
about  “praise-for-pay”  business 
practices  with  immediate  changes. 
Forrester  is  no  longer  letting  ven¬ 
dors  that  sponsor  research  then 
publicize  the  results,  as  recently 
happened  with  Microsoft  and  Peo- 
pleSoft.  Aberdeen  will  start  posting 
an  ethics  policy  online  and  disclos¬ 
ing  sources  of  research  funding. 

The  other  firms  we  spoke  to  for 
our  report  —  including  Computer- 
world’  s  sister  company  IDC  —  all 
clarified  the  rules  of  engagement  on 
how  their  research  is  funded.  They 
also  took  pains  to  address  vendor- 


MARYFRAN  JOHNSON  is 

editor  in  chief  of  Comput¬ 
erworld.  You  can  contact 
her  at  maryfran Johnson® 
computerwortd.com. 


sponsored  research, 
which  they  recognize  as 
the  greatest  potential 
conflict  of  interests  and 
threat  to  their  integrity. 
Once  lost,  user  trust  in 
the  validity  of  their  re¬ 
search  would  be  forever 
gone. 

Some  of  the  IT  execu¬ 
tives  we  interviewed 
also  raised  the  specter  of 
analysts  wielding  undue 
influence  over  how  a 
fledgling  technology  market  devel¬ 
ops.  IT  researchers  “can  tout  a  par¬ 
ticular  product  and  have  their  sub¬ 
scribers  go  in  that  direction  at  the 
cost  of  some  very  good  products 
and  services  that  don’t  get  the  sup¬ 
port  they  deserve,”  said  Bruce  Fa- 
dem,  CIO  at  pharmaceutical  compa¬ 
ny  Wyeth. 

Bottom  line:  Everyone  in  this  in¬ 
dustry  should  continue  to  question 
the  source  and  veracity  of  informa¬ 
tion  about  technology.  Hopefully, 
this  heightened  awareness  of  how 


IT  research  is  conducted  will  help. 

One  final  note  on  this  topic:  Last 
month,  when  I  first  wrote  about  an¬ 
alyst  credibility  problems  [“A  Ques¬ 
tion  of  Credibility,”  QuickLink 
41489],  I  cited  Nucleus  Research  as 
an  unusual  example  of  an  indepen¬ 
dent  research  firm  that  relied  “en¬ 
tirely  on  its  user  client  subscription 
and  accepts  no  vendor  business.” 
That  was  inaccurate  (my  mistake), 
and  I  overstated  the  case. 

“We  don’t  do  any  custom  or  com¬ 
missioned  work  for  vendors,”  said 
CEO  Ian  Campbell,  “but  to  say  we 
never  take  money  from  vendors  is 
not  quite  right.”  Nucleus  sells  its 
subscription  service  only  to  users, 
but  vendors  and  other  interested 
parties  can  buy  reprints  of  the  com¬ 
pany’s  ROI  reports  and  case  studies. 
So  a  percentage  of  its  revenue  may 
come  from  vendor  sources. 

Campbell  added  that  vendors  also 
refer  their  customers  to  Nucleus  to 
conduct  ROI  studies  for  them.  In 
some  cases,  the  vendors  have  paid 
for  that  research  on  behalf  of  those 
customers,  although  a  nondisclosure 
agreement  is  always  signed  with  the 
user.  “There’s  no  question  about 
whom  we’re  working  for,”  he  added. 

Seems  like  a  good  thing  for  every¬ 
one  to  keep  in  mind.  ©  42153 
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Enliven  ^Vbur 
Help  Desk 
Operations 

Admit  it.  When  you 
think  about  the  help 
desk,  you  think,  Boring! 
The  prevailing  image  is  of  a 
Kafkaesque  warren  of  gray 
cubicles,  populated  by  a  crisis- 

driven,  frantically  overworked  staff 
who  experience  endless  Dilbert-like 
encounters.  From  the  end  user’s  angle, 
dealing  with  the  help  desk  means  be¬ 
ing  sucked  into  a  death  spiral  of  in¬ 
complete  trouble  tickets. 

That’s  the  old,  one-dimensional, 
soulless  help  desk  operation. 

But  a  new  technology-led,  enlight¬ 
ened  and  beefed-up  help  desk  system 
has  been  adopted  by  American  Air¬ 
lines  Federal  Credit 
Union  in  Fort  Worth, 

Texas.  Instead  of  the 
credit  union’s  IT  de¬ 
partment  having  to 
scramble  in  response 
to  each  user  crisis,  it 
now  uses  help  desk 
software  to  manage 
user  requests  and  in¬ 
ternal  projects,  says 
MIS  supervisor  Jesse 
Davis.  “We’ve  gone 
from  a  2-ft.-by-5-ft. 
whiteboard  to  software  with  user  pro¬ 
files,  query  functions  and  easy  output 
to  Excel  files  to  spot  trends,”  he  says. 

Want  to  know  the  top  five  problems 
of  the  week  to  see  if  you  are  repeatedly 
responding  to  the  same  one?  It’s  easy 
to  get  a  graphical  representation.  Need 
to  add  a  field  for  training  issues?  With 
the  software,  it’s  no  problem  to  create 
new  ones. 

The  software  is  HelpStar  from  Mis¬ 
sissauga,  Ontario-based  Help  Desk 
Technology  International  Corp.  It  gen¬ 
erates  reports  that  form  many  of  the 
talking  points  for  the  credit  union’s 
Monday  morning  IT  meetings. 

The  system  is  a  boon  for  both  IT 
managers  and  end  users.  For  example, 
when  a  new  branch  is  in  the  works  (the 
credit  union  has  40),  IT  managers  log 
onto  the  help  desk  system  to  see  the 
schedule  of  all  IT  projects  associated 
with  the  opening. 

From  the  other  side,  “a  loan  officer 
might  log  on  and  report  a  problem 
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its  size  is  no  indication  of  its  capabilities. 


Think  big,  and  the  HP  iPAQ  Pocket  PC  h2210  keeps  up.  You  can 
rework  Microsoft’  Office  Word,  Excel  and  Outlook  documents 
Communicate  wirelessly  with  other  Bluetooth-enabled  devices' 
Leave?  yourself  a  voice  memo.  Even  make  your  free  time  more 
productive  by  easily  managing  digital  photos  or  listening  to  MP3s! ' 
The  HP  iPAQ  h2210  packs  it  all  into  one  sleek  package— -with  a 
slot  for  additional  memory  or  even  a  GPS  card.  Get  more 
performance.  Get  more  connectivity.  Get  the  HP  iPAQ  h2210 


HP  iPAQ  Pocket  PC  h2210 

Starting  at  S399 
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Hewlett-Packard  is  pleased  to  participate  in  Computerworld's  Mobile  and  Wireless 
"Knowledge  Center"  issue  and  to  profile  the  winners  of  the  2003  "Best  Practices 
in  Mobile  &  Wireless"  Awards  Program.  Winners  have  distinguished  themselves  as 
innovators,  and  by  sharing  their  success  stories  with  other  IT  managers,  they 
inspire  similar  winning  solutions.  HP  is  proud  to  have  sponsored  this  prestigious  awards  program. 

I  would  also  like  to  acknowledge  and  thank  the  many  companies,  public  relations  firms, 
agencies,  other  organizations  and  individuals  who  took  the  time  to  respond  to  the  nomination 
submission  process.  Narrowing  the  field  down  to  100  finalists  was  a  difficult  challenge. 

Additionally,  HP  would  like  to  extend  its  thanks  to  the  judges  who  had  the  arduous  task  of 
selecting  winners  and  honorable  mention  designates.  HP  and  Computerworld  are  most  appre¬ 
ciative  for  your  dedication  to  this  program. 

I  hope  that  the  profiles  of  the  ten  winners  in  this  supplement  will  help  you  to  identify  the 
challenges  that  you  face  and  enable  you  to  derive  benefits  from  the  deployment  of  mobile  and 
wireless  technology.  These  exciting  and  innovative  technologies  are  creating  avenues  to  meet 
business,  administrative  and  customer  service  challenges. 

Once  again,  congratulations  to  the  winners  of  this  program  and  best  of  luck  to  you  and  all 
readers  of  this  Special  Supplement  in  your  future  IT  solution  endeavors. 


Duane  Zitzner 
Executive 


Vice  President, 
HP  Personal 
Systems  Group 
Hewlett-Packard 
Company 
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Company  Overview 


U.S.  Army's  Program 
Management  Office  — 
Combat  Systems 

PM  Combat  Systems, 

Systems  Engineering  Division, 
System  Integration  Branch 
Attn:  SFAE-GCS-CS-S 
MS  506 

6501  East,  11  Mile 
Bldg.  229,  4th  Floor 
Warren,  MI  48397-5000 


The  U.S.  Army's  Program 
Management  Office  — 
Combat  Systems 

The  Program  Management  Office  —  Combat 
Systems  takes  a  total  army  perspective  in  managing 
the  development,  acquisition,  testing,  systems  inte¬ 
gration,  product  improvement  and  fielding  of  the 
Abrams  Tank  Systems  and  Bradley  Fighting 
Vehicles.  Its  task  is  to  provide  world-class  equip¬ 
ment  to  the  armored  soldier,  permitting  him  to  achieve  decisive  victory. 


Abrams  Team 
Project  Champions 


URL: 

www.peogcs.army.mil/ 

about.cfm 

Established: 

1965 

Number  of  Employees: 

150 

Business  Profile: 

The  group  is  charged  with 
enhancing  the  capabilities  of 
armored  combat  crews  without 
adding  to  their  burden.  With  a 
budget  of  over  $500,000,  the 
group  must  deliver  a  reliable 
and  workable  solution  in 
extremely  harsh  conditions. 

Deployment  History: 

The  Abrams  M1A2  SEP  and 
Bradley  M2A3  were  used  as  the 
proof-of-principle  technology 
for  integrated  platforms  that 
will  be  used  to  feed  into  other 
efforts  such  as  the  Interim 
Armored  Vehicle  Program,  the 
Future  Combat  System  and  the 
Objective  Warrior  Program. 


Challenges 

The  goal  was  to  give  armored  fighting  commanders  the  ability  to  command  from 
either  inside  or  outside  the  vehicle  without  ever  breaking  visual  contact  with  the  enemy 
or  adding  to  the  burden  of  the  crew. 

Since  digital  Situational  Awareness  became  available  for 
armored  fighting  vehicle  crews,  those  crews  have  been  ask¬ 
ing  for  ways  to  improve  battle  command  on  the  move  and 
command-and-control  capabilities  while  in  action. 

Currently,  armored  commanders  must  get  down  inside  the 
vehicle  and  thus  lose  their  overall  view  of  the  outside  com¬ 
bat  picture. 

Solution 

The  Objective  Integrated  Combat,  Command  and 
Control  (IC3)  program  implemented  by  the  PM  Combat  Systems  group  allows  com¬ 
manders  to  receive  battlefield  data  through  a  secure  wireless  LAN  and  interact  with  that 
data  without  ever  losing  sight  of  the  enemy. 

Benefits 

Commanders  can  receive  cmcial  data  on  a  helmet-mounted  display,  which  means 
they  never  have  to  lose  the  enemy  visually.  The  commander  can  also  interact  with  that 
data  via  a  tactical  voice-activated  system,  which  allows  the  commander  to  communicate 

with  other  units,  including  fire  missions,  medical 
evacuation  and  supporting  arms  liaison  teams.  The 
program  reduces  the  armored  crews'  burden, 
improves  the  soldier-machine  interface  and  can  be 
used  whether  the  commander  is  tethered  to  the  vehi¬ 
cle  or  not.  All  in  all,  the  program  offers  armored  crews 
a  tactical  edge  in  combat. 
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Recognizes  the  successful  design,  implementation  and  management  of  an  interoperable  mobile  and  wire¬ 
less  architecture.  Demonstrates  the  ability  to  source/implement  from  multiple  vendors  and  to  maintain  a 
heterogeneous  environment. 


Kurt  Zimmer 
Project  Champion 


Putnam  Investments 

Putnam  Investments  is  a  global  money  management 
firm  with  65  years  of  investment  experience,  $271  billion  in 
assets  under  management,  over  700  institutional  clients, 
and  nearly  13  million  shareholders  and  retirement  plan 
participants. 

Challenges 

The  IT  organization  must  support  a  mobile  workforce  of 
wholesalers  who  spend  up  to  80%  of  their  time  on  the  road 
and  have  limited  access  to  computer  networks  and  enter¬ 
prise  applications.  These  wholesalers  are  critical  in  helping 
Putnam  differentiate  its  products  from  those  of  its  competitors  and  in  ensuring  that 
financial  advisors  recommend  Putnam's  mutual  funds.  Putnam  targeted  three  key  areas 
to  meet  its  goals: 

•  Ensure  that  wholesalers  knew  their  advisors  well  and 
were  able  to  improve  service  to  them. 

•  Reduce  the  administrative  load  on  inside  sales  repre¬ 
sentatives. 

•  Provide  better  management  control  of  the  sales 
process. 

Solution 

Putnam  chose  a  mixture  of  products  from  several  differ¬ 
ent  vendors  for  devices  and  device  management  software. 

The  hybrid  solution  allowed  Putnam's  staff  to  access  the 

company's  email  and  CRM  and  sales  programs.  Putnam's  sales  force  is  now  able  to  man¬ 
age  contact,  sales  data  and  reports;  track  account  activity;  and  address  other  key  business 
functions  in  a  two-way  data  exchange  with  Putnam's  enterprise  systems. 


Benefits 

Wholesalers  have  logged  more  than  60,000  contract  activities  through  their  PDAs 
since  the  program  was  rolled  out  late  last  year.  User  adoption  is  over  90%  in  an  audience 
that  was  traditionally  tough  on  new  technology.  Sales  management  noted  several  key 
benefits,  including  improved  wholesaler  efficiency,  fewer  calls  to  inside  sales  and  more 

consistent  tracking  of  field  sales  activity. 

Future  activities  include  upgrading  the  entire 
process  with  the  latest  vendor  offerings  and  rolling 
the  program  out  to  the  international  sales  team. 


Company  Overview 


Putnam  Investments 

One  Post  Office  Square 
Boston,  MA  02109 

URL: 

www.putnam.com 

Established: 

1938 

Business  Profile: 

Putnam  Investments  is  a  global 
money  management  firm  with 
$271  billion  in  assets  under 
management,  over  700  institu¬ 
tional  clients,  and  nearly  13  mil¬ 
lion  shareholders  and  retire¬ 
ment  plan  participants.  It  offers 
a  broad  range  of  investment 
products  including  institutional 
portfolios;  401  (k)s,  IRAs  and 
other  retirement  plans;  mutual 
funds;  variable  annuities;  and 
alternative  investments  for  insti¬ 
tutions  and  high-net-worth 
investors. 

Deployment  History: 

The  project  began  with  a  pro¬ 
duction  pilot  rollout  to  12 
wholesalers,  serving  as  a  test 
group  to  gauge  the  interest  of 
the  sales  team  and  usefulness  of 
the  technology.  The  pilot  went 
live  in  10  weeks  and  was  met 
with  strong  positive  feedback. 
The  rollout  continued  to  the  full 
sales  team  in  December. 


PUTNAM 

INYESTMENTS 
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Company  Overview 


Guidant  Corp. 

Ill  Monument  Circle,  #2900 
Indianapolis,  IN  46204 

URL: 

www.guidant.com 

Established: 

1994 

Number  of  Employees: 

12,000 

Business  Profile: 

Guidant  develops,  manufac¬ 
tures  and  distributes  medical 
technologies  to  treat  cardiovas¬ 
cular  and  vascular  disease.  Its 
therapies  save  and  improve  the 
lives  of  thousands  of  patients 
around  the  world  every  day. 
Guidant  was  incorporated  in 
1994,  and  since  has  grown  to 
$3.2  billion  in  revenue  and 
more  than  12,000  employees 
worldwide. 

Deployment  History: 

Guidant  transformed  its  terms 
of  competition  in  the  industry 
and  enhanced  its  ability  to 
serve  its  clients.  Guidant  plans 
to  expand  the  Implant 
Registration,  Inventory  and 
Sales  system  to  a  total  of  1,500 
mobile  users  over  the  next  two 
years  and  add  up  to  eight  more 
applications. 


K  II  I  □  A  NT 


Guidant  Corp.  Team 
Project  Champions 


Challenges 


Guidant  Corp. 

Guidant  is  a  world  leader  in  the  design 
and  development  of  cardiovascular  medical 
products.  Guidant's  technologies  help 
patients  with  heart  disease  return  to  active 
and  productive  lives.  The  company's  head¬ 
quarters  are  in  Indianapolis,  with  major 
operations  in  California,  Minnesota,  Texas, 
Washington,  Puerto  Rico  and  Ireland. 
Guidant's  products  are  distributed  by  a  sales 
force  recognized  throughout  the  industry  for 
its  clinical  expertise  and  customer  service. 


Guidant's  Cardiac  Rhythm  Management  group  develops  devices  that  correct  life- 
threatening  rapid  or  irregular  heartbeats.  Guidant  has  more  than  1,300  representatives 
on  site  in  the  operating  room  to  provide  technical  assis¬ 
tance  related  to  the  device.  Guidant  needed  a  way  to 
enhance  the  ability  of  this  team  to  do  its  job. 

Solution 

Guidant's  sales  force  automation  team  equipped  these 
field  representatives  with  laptops  running  a  collection  of 
the  most  up-to-date  applications.  Access  to  the  Guidant  net¬ 
work  was  through  dial-up,  Wi-Fi  or  broadband  connections 
with  dual-factor  authentication.  The  Implant  Registration, 

Inventory  and  Sales  (IRIS)  system  was  the  next  major  tool 
to  be  added  to  the  Guidant  sales  force  toolbox.  The  file  replication  subsystem  is  the  back¬ 
bone  of  the  IRIS  system  and  other  software  tools  in  the  future.  IRIS  distributes  the  data 
field  representatives  need  to  do  their  jobs  efficiently  and  effectively,  and  allows  head¬ 
quarters  to  capture  data  about  implants  and  sales  from  the  field  reps. 


Benefits 

The  new  system  guards  against  bandwidth  creep  and 
keeps  the  length  of  synchronization  sessions  to  a  mini¬ 
mum.  It  also  offers  a  single,  integrated  console.  This 
allows  the  IT  staff  to  configure  data-sharing  logic,  start 
and  restart  servers,  view  detailed  system  logs  and  manage 
the  user  community. 
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Acknowledges  implementation  strategies  and  programs  to  ensure  highly  available  information  and  data 

# 

access.  Examples  of  business  continuance  initiatives  (backup  plans,  staging,  performance  testing/projec¬ 
tions,  etc.)  were  key  considerations. 
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Motorola  Inc. 

Founded  in  1928,  Motorola  has  gone  on  to  become  a 
worldwide  force  in  the  wireless,  broadband  and  Internet 
industries.  The  company  has  become  known  for  its  soft- 
ware-enhanced  wireless  telephone  and  messaging;  two-way 
radio  products  and  systems;  and  networking  and  Internet- 
access  products.  In  addition,  Motorola  is  a  recognized 
maker  of  integrated  electronics  systems  for  the  automotive, 
industrial  and  portable  energy  markets. 

Challenges 

Eighty  percent  of  Motorola's  PCs  are  laptops.  Its  PCs  are 
connected  to  local-area,  wide-area  and  enterprise  networks,  some  with  very  low  band¬ 
width.  Previous  backup  systems  that  relied  on  human  intervention  were  prone  to  error 
and  eventual  data  loss.  Motorola  needed  a  PC  backup-and-recovery  software  solution  for 
a  highly  mobile  and  diverse  computing  environment. 

Solution 

Motorola  turned  to  a  commercially  available  recovery 
solution  that  was  recommended  by  one  of  its  employees, 

Ron  Neher.  The  product  allows  for  even  the  backup  of  live 
data  on  a  regular  basis  without  human  intervention,  and  it 
only  records  the  data  that  changed  since  the  last  backup,  so 
bandwidth  is  never  a  problem.  In  fact,  CPU  utilization  dur¬ 
ing  a  backup  is  as  low  as  10%  to  20%.  Employees  no  longer 
have  to  remember  to  perform  backups,  and  they  can  recov¬ 
er  any  lost  data  with  a  simple  right-click  of  their  mouse. 

Benefits 

During  the  first  backup,  everything  on  a  machine's  hard  drive  is  recorded.  After  that 
initial  save,  only  the  data  that  has  changed  is  compressed  and  sent  over  the  network  for 
storage.  This  technology  is  an  excellent  fit  for  remote  and  mobile  users  on  bandwidth- 

sensitive  connections. 

The  company  has  23,550  licensed  users  who  have  an 
average  of  1.62  GB  of  unique  data  that  needs  to  be  backed 
up.  Motorola  conducted  a  before-and-after  assessment  of 
its  PC  data  restore,  recovery  and  replacement  costs  and 
found  that  it  saved  $6.04  million  each  year  in  labor  costs. 
Right  now,  the  company  is  in  the  process  of  expanding  the 
program  to  cover  all  of  its  employees. 


Ron  Neher 
Project  Champion 


Company  Overview 


Motorola  Inc. 

1303  E.  Algonquin  Road 
Schaumburg,  IL  60196 

URL: 

www.motorola.com 

Established: 

1928 

Number  of  Employees: 

97,000 

Business  Profile: 

Motorola  Inc.  is  recognized  in 
the  wireless,  automotive  and 
broadband  communications 
industries  worldwide.  Sales  in 
2002  were  $27.3  billion. 
Motorola  is  a  global  corporate 
citizen  dedicated  to  ethical 
business  practices  and  pioneer¬ 
ing  important  innovations  that 
make  things  smarter  and  life 
better,  honored  traditions  that 
began  when  the  company  was 
founded  75  years  ago  this  year. 

Deployment  History: 

Implementing  the  recovery 
solution  for  backup  and  recov¬ 
ery  of  enterprise  PC  data  has 
helped  Motorola  save  $6.04 
million  annually  in  reduced 
labor  costs  associated  with  PC 
backup  and  recovery. 

Motorola's  PC  base  consists  of 
about  80%  laptops.  With  the 
vulnerability  of  data  in  a  highly 
mobile  user  base,  an  effective 
and  efficient  backup-and-recov¬ 
ery  solution  is  mandatory. 


MOTOROLA 

intelligence  everywhere' 


MOBILE 

TECHNOLOGY 


HP  recommends  Microsoft 


Your  deadline  says  you  have  to  work  through  lunch. 

Your  wireless  notebook  says  you  don't  have  to  do  it  from  your  desk. 


Now  you  and  your  employees  can  have  the  flexibility  of  working  in  more 
places— giving  your  ideas  more  room  to  roam.  After  all,  HP's  new  notebooks, 
powered  by  In  ;l  Centrino™  mobile  technology,  are  engineered  with  802.11b 
wireless  networking  capability*  So  while  the  times  may  demand  you  and 
your  people  work  harder,  they  don't  get  to  tell  you  where.  Get  more  mobility, 
Get  more  productivity.  Get  HP  wireless  notebooks. 


hp 


HP  Compaq 
Business  Notebook  nx7000 

Starting  at  $1,699* 

Call  your  local  reseller  or  visit 
www.hp.com/go/notebook. 


Inteh  Intel  Centrino.  Intel  Inside,  the  Intel  Centrino  Logo  and  the  Intel  Inside  Logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States 
and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  ©  2003  Hewlett-Packard  Development  Company.  L.P. 
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Information  Security 

Company  Overview 


INTEGRIS  Health  Inc. 

3300  N.W.  Expressway 
Oklahoma  City,  OK  73112 

URL: 

www.integris-health.com 

Established: 

1983 

Number  of  Employees: 

7,510 

Business  Profile: 

INTEGRIS  Health  is 
Oklahoma's  largest  not-for- 
profit  healthcare  organization, 
operating  12  major  facilities 
that  support  over  7,510  medical 
and  administrative  staff  and 
450  independent  physicians. 
Named  one  of  the  100  "most 
wired"  health  systems  for  four 
consecutive  years,  INTEGRIS 
has  a  continued  commitment 
to  quality  healthcare. 

Deployment  History: 

With  an  unidentified  mix  of 
hospital-  and  physician-owned 
mobile  and  wireless  devices,  the 
first  priority  was  to  silently 
monitor  5,000  workstations  to 
detect  synchronization  and  cre¬ 
ate  an  inventory  of  mobile 
users  and  devices  with  a  securi¬ 
ty  management  software  solu¬ 
tion.  Balancing  usability  and 
security  has  resulted  in  over¬ 
whelmingly  positive  feedback 
for  the  security  solution. 


♦ 


INTEGRIS 


Health 


William  Woloszyn 
Project  Champion 


INTEGRIS  Health  Inc. 

INTEGRIS  Health  is  Oklahoma's  largest  not-for-profit 
healthcare  provider,  operating  12  major  facilities  with  more 
than  7,510  medical  and  administrative  staff  and  450  inde¬ 
pendent  physicians. 

Challenges 

To  provide  higher  quality  patient  care,  INTEGRIS  Health 
uses  mobile  and  wireless  technology  to  access  patient 
records  and  lab  results  at  the  point  of  care.  However,  infor¬ 
mation  resident  on  mobile  devices  is  not  protected  by  exist¬ 
ing  network  security  and  poses  new  threats  to  the  privacy  of  health  information  that  is 
governed  by  Health  Insurance  Portability  and  Accountability  Act  (HIPAA)  privacy  rules. 
INTEGRIS  Health  needed  a  cost-effective  security  solution  that  would  protect  sensitive 
information  from  wrongful  disclosure  in  the  event  the  mobile  device  was  misplaced  or 
stolen. 

Solution 

INTEGRIS  Health  implemented  a  mobile  security  pro¬ 
gram  using  a  commercially  available  security  and  manage¬ 
ment  software  product.  This  enables  INTEGRIS  Health  to 
control  security  for  mobile  users  across  diverse  computing 
platforms.  Users  are  authenticated  with  a  personal  identifi¬ 
cation  number  (PIN)  or  password  to  protect  information 
contained  on  the  device.  This  also  ensures  data  confiden¬ 
tiality  and  controls  connectivity.  In  addition,  information 

on  the  devices  is  automatically  deleted  if  they  are  lost  or  stolen.  Security  functions  are  vir¬ 
tually  transparent  to  the  user  and  enable  physicians  to  reset  their  own  PIN  or  password. 


Benefits 

INTEGRIS  Health  can  now  minimize  the  burden  of  enforcing  compliance  to  mobile 
and  wireless  security  policies  by  centralizing  policy  administration  and  automating  dis¬ 
tribution  processes.  Administrators  can  control  policy  settings  and  device  use  based  on 

existing  group  and  user  profiles.  This  eliminates  the 
need  to  update  multiple  systems  each  time  a 
change  in  employment  status  is  made. 

In  addition,  INTEGRIS  Health  now  controls 
mobile  device  use  and  can  prevent  rogue  devices 
from  accessing  networked  resources. 
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A  case  study  on  the  successful  implementation  of  secure  mobile  and  wireless  computing/communicating 
and  recovery  from  a  significant  network  or  systems  disruption.  Summary  analysis  of  restart/recovery  factors 
(backup  deployment,  time  to  restart  and  restore,  information/data  loss,  etc.)  was  essential. 


Los  Alamos 
National  Laboratory 

Los  Alamos  National  Laboratory  focuses  on  national 
security  issues.  In  their  effort  to  help  the  country  counter 
nuclear  proliferation  —  the  possibility  that  someone  may 
try  to  introduce  a  weapon  to  the  U.S.  and  detonate  it  — 
IANL  scientists  have  developed  a  hand-held  nuclear  iso¬ 
tope  identifier  that  can  not  only  identify  the  source  of 
radiation,  but  also  send  data  about  it  to  experts  who  can 
William  S.  Murray  provide  further  analysis. 

Project  Champion 

Challenges 

Border  officials  currently  use  large  portal  monitors  that  people  walk  through.  These 
machines  can  generally  tell  if  there's  radiation  present,  but  not  what  that  radiation  is.  In 
many  cases,  people  with  cancer  or  other  problems  that 
require  the  use  of  medical  isotopes  set  those  detectors  off. 

A  device  was  needed  to  allow  officials  to  tell  right  away  if 
the  radiation  was  from  a  legitimate  device  or  a  weapon  of 
some  kind. 

Solution 

LANL  scientists  developed  a  hand-held  nuclear  isotope 
identifier  that  can  identify  the  source  of  radiation  and  send 
data  about  it  to  experts  who  can  provide  further  analysis. 

The  device  consists  of  two  parts.  The  first  is  based  on  a  com¬ 
mercially  available  handheld  that  provides  the  user  interface,  communication  device  and 
data  archiving.  The  second  part  is  a  radiation  detector  that  has  a  microprocessor.  The 
handheld  slips  into  a  cradle  on  the  detector  and  communicates  with  the  radiation  detec¬ 
tor's  microprocessor. 

Benefits 

The  handheld  is  a  lot  easier  to  carry  around  in  the  field  and  is  easy  to  use.  It  also  allows 

for  flexibility  in  the  future.  In  addition,  the  hand¬ 
held  makes  it  easy  to  transfer  data  to  other 
machines,  allowing  a  more  detailed  analysis  by  spe¬ 
cialists.  The  use  of  a  commercially  available  prod¬ 
uct  also  ensures  that  the  lab  will  not  be  put  into  the 
position  of  trying  to  build  its  own  upgrades  to  the 
handheld  and  its  interface. 


Company  Overview 


Los  Alamos  National 
Laboratory 

Bikini  Atoll  Rd.,  SM  30 
Los  Alamos,  NM  87545 

URL: 

www.lanl.gov 

Established: 

1943 

Number  of  Employees: 

11,359 

Business  Profile: 

Los  Alamos  National 
Laboratory  is  operated  by  the 
University  of  California  for  the 
National  Nuclear  Security 
Administration  (NNSA)  of  the 
U.S.  Department  of  Energy  and 
works  in  partnership  with 
NNSA's  Sandia  and  Lawrence 
Livermore  national  laboratories 
to  support  NNSA  in  its  mission. 

Deployment  History: 

In  1997,  Los  Alamos  started 
looking  for  ways  to  make  radia¬ 
tion  detection  devices  smaller 
and  simpler  to  use  for  people 
with  little  technological  experi¬ 
ence.  The  events  of  Sept.  11, 
2001,  have  made  the  need  for 
this  technology  even  more 
pressing. 


•  Los  Alamos 

NATIONAL  LABORATORY 
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Financial  Payback 


Company  Overview 

Burlington  Northern 
Santa  Fe  Railway  Co. 

2650  Lou  Menk  Drive,  2nd  Fir. 

P.O.  Box  961057 

Fort  Worth,  TX  76161-0057 

URL: 

www.bnsf.com 

Established: 

1995 

Number  of  Employees: 

38,000 

Business  Profile: 

The  Burlington  Northern  Santa 
Fe  Railway  Co.  operates  one  of 
the  largest  railroad  networks  in 
North  America,  with  33,000 
route  miles  covering  28  states 
and  two  Canadian  provinces. 
This  network  covers  the  western 
two-thirds  of  the  U.S.,  stretch¬ 
ing  from  major  Pacific 
Northwest  and  Southern 
California  ports  to  the  Midwest, 
Southeast  and  Southwest,  and 
from  the  Gulf  of  Mexico  to 
Canada. 

Deployment  History: 

Within  two  months  of  imple¬ 
menting  its  program,  the  BNSF 
realized  a  dramatic  return  on 
investment.  The  railroad  deter¬ 
mined  that  it  reduced  the  usage 
cost  per  minute  for  wireless 
devices  by  37%  and  has  signifi¬ 
cantly  driven  down  TCO. 


BNSF 


Burlington  Northern 
Santa  Fe  Railway  Co. 

BNSF  operates  in  28  states  and  two  Canadian  provinces 
and  moves  freight  over  a  rail  network  stretching  33,000 
route  miles,  making  it  one  of  the  largest  railroads  in  North 
America.  Wireless  capabilities  enable  BNSF  to  improve 
service  levels  and  generate  efficiencies  by  keeping  train 
crews,  maintenance  crews  and  management  aware  of  cur¬ 
rent  schedules  and  work  plans. 

John  Hicks 

Project  Champion  Challenges 

The  majority  of  BNSF's  employees  uses  wireless  devices 
as  their  primary  link  to  the  office  or  dispatch  center.  But  as  dependency  on  wireless  grew, 
the  company  faced  rising  costs.  BNSF  needed  a  comprehensive  solution  to  address  its 
wireless  management  challenges  without  dedicating  additional  internal  resources. 
Challenges  included  accessing  wireless  usage  infor¬ 
mation  and  associated  costs  across  carriers,  identi¬ 
fying  savings  opportunities  and  maximizing  the 
return  on  investment  (ROI)  of  wireless. 

Solution 

BNSF  chose  a  leading  mobile  communications 
management  software  product  to  resolve  the  above 
issues  and  reduce  wireless  service  costs  while  pro¬ 
viding  a  robust  solution  for  managers  and  employ¬ 
ees  to  participate  in  managing  wireless  budgets.  It  provided  BNSF  with  a  customized, 
Web-based  application  suite  and  dedicated  account  support  services  to  organize,  analyze 
and  optimize  BNSF's  wireless  users,  usage,  devices,  carriers  and  service  costs,  all  within  a 
single  interface. 

Benefits 

The  software  dramatically  reduces  wireless  service  costs  via  a  patented  process  for 
matching  employees'  monthly  usage  to  the  more  than  14,000  available  rate  plans  and 

continually  drives  down  the  usage  cost  per  minute. 

BNSF  centralized  wireless  accounts  and  costs 
and  delegated  wireless  management  responsibili¬ 
ties  to  cost  center  managers  and  employees.  BNSF 
realized  positive  ROI  in  two  months  and  attained  a 
total  reduction  in  usage  cost  per  minute  of  37%. 
These  results  show  that  BNSF  is  getting  the  most 
out  of  each  wireless  dollar  spent  and  aggressively 
driving  down  the  total  cost  of  ownership. 
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Achievements  in  measurable  return  on  investment,  return  on  assets  and  return  on  resources  through  the 
use  of  a  mobile  and  wireless  system  were  evaluated.  Total  cost  of  ownership  benefits  and  other  accom¬ 
plishments  were  presented.  §§ 1  ...f 


Ford  Motor  Company 

Ford  Motor  Company,  headquartered  in  Dearborn,  MI, 
is  the  world's  second  largest  automaker,  with  approximate¬ 
ly  335,000  employees  in  200  markets  on  six  continents.  Its 
automotive  brands  include  Aston  Martin,  Ford,  Jaguar, 
Land  Rover,  Lincoln,  Mazda,  Mercury  and  Volvo.  Its  auto¬ 
motive-related  services  include  Ford  Credit,  Quality  Care 
and  Hertz. 


Mark  Wrubel  Challenges 

Project  Champion  The  company's  goals  were  to  improve  quality  and 

reporting  while  increasing  safety  and  cutting  costs  at  more 
than  50  manufacturing  plants  through  better  tracking  and  delivery  of  parts  inventory. 
Additionally,  the  entire  system  had  to  be  easy  to  use,  intuitive  for  assembly-line  workers, 
and  operable  with  wireless  technology  in  a  man¬ 
ufacturing  environment. 

Solution 

Ford  jointly  developed  a  real-time  locating 
system  with  Santa  Clara,  Calif.-based  WhereNet 
Corp.  The  WhereCall  Parts  Replenishment  solu¬ 
tion  provides  real-time  material  replenishment 
requests  for  material  handling  utilizing  radio¬ 
frequency  call  buttons.  When  an  operator  press¬ 
es  a  WhereCall  button,  the  system  places  a  request  for  the  associated  parts.  This  infor¬ 
mation  is  transferred  to  material-handling  operators,  who  deliver  the  material.  In  addi¬ 
tion  to  notifying  internal  parts  suppliers,  the  tag  transmits  information  to  Ford's  man¬ 
agement  and  results  in  better  control  of  the  supply  chain. 


Benefits 

Ford  has  realized  significant  savings  through  lower  installation  costs,  increased  opera¬ 
tion  efficiency,  lower  inventory  quantities  and  increased  manufacturing  flexibility.  The 
wireless  call  system  also  costs  half  to  three-fourths  of  what  a  similar  system  using  wired 
components  would  cost.  In  addition,  the  system  can  be  installed  in  a  quarter  of  the  time 
^ h  took  to  >nstaH  the  previous  systems,  and  line  re¬ 
balancing  operations  can  be  done  in  much  less 
time  with  virtually  no  additional  capital  expendi- 
tures  for  hardware  and  equipment. 

The  system  ensures  that  materials  are  installed 
at  their  intended  location. 

Detailed  data  on  material  usage  and  delivery 
times  are  now  available. 


Company  Overview 


Ford  Motor  Company 

One  American  Road 
Dearborn,  MI  48126 

URL: 

www.ford.com 

Years  in  Service: 

100 

Number  of  Employees: 

335,000 

Business  Profile: 

Ford  Motor  Company  is  an 
international  automaker  that 
has  multiple  brands  and  com¬ 
petes  for  market  share  world¬ 
wide.  The  company  needs  to  be 
able  to  manage  many  different 
parts  streams  to  manufacturing 
plants  worldwide  while  main¬ 
taining  its  competitive  edge. 

Deployment  History: 

The  WhereCall  system  is  in 
operation  at  more  than  50 
plants  in  North  and  South 
America  and  Europe,  providing 
real-time  material  replenish¬ 
ment  requests  for  material  han¬ 
dling.  Plans  exist  for  the  wide¬ 
spread  deployment  of  addition¬ 
al  solutions  leveraging  the  mul¬ 
tiple  use  infrastructures  at  most 
of  Ford's  North  American  and 
international  plants  within  the 
next  several  years. 


13 


Special  Advertising  Supplement 


Innovation  and  Promise 


Company  Overview 


London  Ambulance 
Service 

220  Waterloo  Road 
London,  England  SE1  8SD 

URL: 

www.londonambulance.nhs.uk 

Established: 

1965 

Number  of  Employees: 

3,700 

Business  Profile: 

London  Ambulance  Service  is 
the  largest  ambulance  service  in 
the  world,  caring  for  more  than 
1.5  million  patients  every  year. 
As  an  integral  part  of  the 
National  Health  Service, 

London  Ambulance  works  very 
closely  with  hospitals  and  other 
healthcare  professionals,  as  well 
as  other  emergency  services. 

Deployment  History: 

For  London  Ambulance,  the 
decision  to  adopt  GPRS  as  a 
solution  was  made  at  a  time 
when  GPRS  was  in  its  infancy. 
While  a  small  element  of  risk 
was  involved  in  adopting  such  a 
new  technology,  GPRS  was 
identified  as  a  better  solution 
than  other  services,  especially 
given  how  the  various  networks 
were  expected  to  develop  in  the 
future. 


Challenges 

Serving  an  area  of  about  620  square  miles,  London 
Ambulance  handles  more  than  1  million  calls  per  year 
through  70  stations.  A  solution  was  needed  that  would 
Quentin  Armitage  enable  London  Ambulance  to  simultaneously  switch 

Project  Champion  between  multiple  wireless  wide-area  and  wireless  local-area 

network  (WWAN  and  WLAN)  connections.  Previously  used 
radio  communications  provided  inefficient  coverage  for  such  an  area,  often  slowing 
down  critical  response  time. 


London  Ambulance  Service 

London  Ambulance  Service  is  the  largest  ambulance 
service  in  the  world,  caring  for  more  than  1.5  million 
patients  every  year. 


Solution 

Seamless  network  switching  provides  automatic 
switching  between  multiple  WWAN  and  WLAN  net¬ 
work  connections.  Now,  when  a  London  Ambulance 
vehicle  leaves  the  802.11b  WLAN  environment,  its 
connection  can  switch  to  the  general  packet  radio 
service  (GPRS)  and  global  system  of  mobile  com¬ 
munication  (GSM)  networks  as  they  become  avail¬ 
able,  ensuring  no  break  in  communication.  User- 
defined  rules  designate  the  order  the  networks  should  be  tried  until  a  connection  is  estab¬ 
lished. 


Benefits 

By  switching  from  the  WWAN  to  the  WLAN  and  with  the  capability  to  switch  from 
GPRS  (packet  data)  to  GSM  (circuit-switched)  networks  based  on  availability,  London 
Ambulance  is  able  to  minimize  costs  while  maximizing  coverage.  Now,  in  the  event  of  an 
emergency,  ambulances  are  notified  by  the  sound  of  a  bell  in  the  cab  while  detailed 

instructions  appear  simultaneously  on  their  in-vehicle 
touch  screen  device.  Following  the  initial  notification,  vehi¬ 
cles  receive  detailed  driving  directions  via  an  in-vehicle  nav¬ 
igation  unit,  which  is  attached  to  the  touch  screen  PC. 
Meanwhile,  the  control  room  is  receiving  GPS  navigation 
data  back  from  the  vehicle  every  15  seconds.  A  map  is  also 
displayed,  which  enables  the  crew  to  see  where  the  vehicle 
is  in  relation  to  their  destination. 


14 


Special  Advertising  Supplement 


Successful  pioneering  of  leading-edge  mobile  and  wireless  technology  was  recognized  in  this  category. 
The  ability  to  overcome  early  adoption  obstacles  and  to  resolve  problems  (in-house  or  via  unique  ven¬ 
dor/integrator/other  user  partnerships,  etc.)  was  assessed. 


University  Health  Network 

University  Health  Network  is  a  consortium  of  three  hos¬ 
pitals  —  Toronto  General  Hospital,  Toronto  Western 
Hospital  and  Princess  Margaret  Hospital  —  in  Toronto. 
UHN  is  among  the  world's  leading  providers  of  exemplary 
patient  care  and  innovative  research  and  teaching. 

Challenge 

With  increasing  de-institutionalization  of  mentally  ill 
patients,  a  cost-efficient  way  to  treat  those  patients  at  the 
point  of  care  (at  levels  consistent  with  those  achieved  in 
institutional  settings)  was  required.  In  order  to  do  this,  psy¬ 
chiatrists,  residents,  clinicians  and  administrative  staff  need  to  be  able  to  securely  access, 
in  real  time,  patient  records,  including  such  information  as  demographics,  emergency  vis¬ 
its,  diagnoses,  current  medications,  allergies,  housing  situation  and  clinical  notes. 


Dr.  Sydney  Kennedy 
Project  Co-Champion 


Solution 

The  first  thing  that  had  to  happen  was  the  digitization  of 
all  documents  related  to  targeted  patients.  In  addition,  the 
establishment  of  a  centralized  administration  management 
console  that  can  overview  and  control  operations  was 
required. 

The  next  phase,  which  began  recently,  was  the  integra¬ 
tion  of  the  back-end  systems  from  the  various  institutions 
in  the  hospital's  network.  The  technology  is  being  facilitat¬ 
ed  with  a  transcoding  technology  that  allows  the  program 
to  take  any  business  system  and  have  it  deployed  with  a  sin¬ 
gle  application  programming  interface  onto  any  mobile 
and  hardware  platform  intelligently  and  seamlessly. 


Dr.  Patricia  Cavanagh 
Project  Co-Champion 


Benefits 

The  labor  force  can  be  kept  at  static  levels  while  increasing  the  quality  and  quantity  of 
care  delivered  by  removing  the  high  cost  of  paper  handling. 
Patient  record  management  is  labor-intensive,  requiring  field 
care  workers  to  print  data  from  various  healthcare  systems  so 
that  information  will  be  available  to  them  in  the  field. 
Healthcare  professionals  themselves  can  create  a  personalized, 
single  view  of  a  patient  record  that  will  improve  collaboration. 


Company  Overview 


University  Health 
Network 

250  College  Street 
Toronto,  Ontario  M5T  1 R8 
Canada 

URL: 

www.uhn.ca/uhn 

Established: 

1999 

Number  of  Employees: 

11,000 

Business  Profile: 

University  Health  Network  is 
made  up  of  Toronto  General 
Hospital,  Toronto  Western 
Hospital  and  Princess  Margaret 
Hospital.  Each  hospital  retains 
its  identity  and  name  within 
the  network.  Primary  funding 
for  University  Health  Network 
comes  from  the  Ontario 
Ministry  of  Health.  With  an 
operating  budget  of  over  $850 
million,  the  University  Health 
Network  is  one  of  Canada's 
largest  teaching  hospitals. 

Deployment  History: 

The  first  phase  of  this  project 
(the  digitization  of  all  the  docu¬ 
ments  and  the  establishment  of 
a  centralized  administration 
management  console  that  will 
be  able  to  overview  and  control 
operations)  is  complete.  The 
second  phase,  which  will  be 
integration  with  the  back-end 
systems  from  the  various  insti¬ 
tutions,  is  under  way. 

Uni  versify  Health  Network 
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HP  COMPAQ  BUSINESS 
NOTEBOOK  nx7000 

Thin  and  wide 

Starting  at: 

$1,699 

Intel®  Centrino™  mobile  technology  with  Intel® 
Pentium®  M  processors 

15.4"  WXGA  display  provides  a  wide  viewing 
angle  about  1.36"  thin  with  improved  thermal 
performance 

Integrated  802.11b  to  meet  wireless  LAN  needs 

ATI  Mobility  Radeon  9200  Graphics  with  (32  or 
64MB)  of  Double  Data  Rate  (DDR)  SDRAM  provide 
impressive  graphics  performance 

Microsoft®  Windows®  XP  Professional 


MOBILE 

TECHNOLOGY 


HP  COMPAQ  BUSINESS 
NOTEBOOK  nc4000 

Ultraportable 

Starting  at: 

$1,699 

Intel®  Pentium®  M  Processors 
Weighs  3.5  lbs.,  measures  1.1"  thin 
Optional  integrated  802.1  lb/g  or 
802.1  la/b/g  mini  PCI  combo  card  to  meet 
current  and  future  wireless  LAN  needs 

Optional  integrated  Bluetooth™  allows  users 
to  set  up  their  own  personal  area  network* 

Six-cell  lithium  battery  provides  up  to  3.5 
hours  of  battery  life;  up  to  seven  hours  with 
optional  travel  battery 

12.1"  TFT  display,  full-size  keyboard  with  dual 
pointing  device 

Microsoft®  Windows®  XP  Professional 


COMPAQ  EVO  n620c 

Thin  and  light 

Starting  at: 

$1,450 

Intel®  Pentium®  M  processors 

Can  be  configured  as  light  as  4.8  lbs.  light  and 
a  mere  1.2"  thin 

Lithium-Ion  battery  technology  gives  up  to  six  hours 
run  time  on  the  primary  battery  and  up  to  10  hours 
with  the  optional  Multibay  battery 

Stay  connected  with  an  integrated  10/100/1000 
(Gigabit)  NIC  and  optional  wireless  MultiPort  or 
PC  Card  devices 

Microsoft®  Windows®  XP  Professional 


HP  Care  Pack  services  let  you  choose 

the  support  levels  that  meet  your  business  requirements. 

HP  recommends  Microsoft  '  Windows'  XP  Professional  for  Mobile  Computing. 


Until  you  have  a  total  wireless  solution,  you  re  not  completely  wireless.  With  HP,  now  you  can  finally  have  the  right  technology  and 
the  expert  back-end  support  for  your  wireless  network.  Start  your  upgrade  with  the  lightweight  HP  Compaq  Business  Notebook  nc4000  ultraportable,  which 
comes  with  a  wide  array  of  integrated  wireless  communication  options.  Or  consider  the  HP  Compaq  Business  Notebook  nx7000  with  Intel"  Centrino™  mobile 
technology —complete  with  a  wide  15.4"  WXGA  display,  it's  integrated  with  802.11b  to  meet  your  wireless  LAN  needs.  You  can  round  out  your  wireless 
network  with  the  light  and  thin  Compaq  Evo  n620c  which  features  a  Lithium-Ion  battery  with  up  to  a  six-hour  run  time.  The  sooner  you  equip  your  organization 
with  HP  wireless  notebooks,  the  sooner  connectivity  can  be  your  reality. 


To  take  advantage  of  special  offers,  call  us  toll  free  at  1-800-888-5907 
or  visit  www.hp.com/go/mobility4. 


Prices  shown  are  HP  direct  prices;  reseller  and  retailer  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's 
destination.  Photography  may  not  accurately  represent  exact  configurations  priced.  'Wireless  access  point  is  required  and  is  not  included.  Wireless  Internet  use  requires  separately  purchased 
Internet  service  contract.  'A  standard  WLAN  infrastructure,  other  Bluetooth-enabled  devices  and  a  service  contract  with  a  wireless  airtime  provider  may  be  required  for  applicable  wireless 
communication.  Wireless  Internet  use  requires  a  separately  purchased  service  contract.  Check  with  service  provider  for  availability  and  coverage  in  your  area.  Not  all  Web  content  available. 
Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  Centrino,  Intel  Inside,  the  Intel  Centrino  Logo,  the  Intel  Inside  Logo, 
Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2003  Hewlett-Packard  Development  Company,  L.P. 
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i  with  their  budget  program,”  says 
Davis.  “The  system  automatically  dis¬ 
patches  the  request  to  the  appropriate 
IT  person  via  e-mail,  and  the  loan  offi¬ 
cer  receives  an  e-mail  acknowledging 
the  work  and  status.” 

There’s  an  automatic  workflow  trail 
created  to  keep  both  the  user  and  IT 
managers  aware  of  the  problem.  As  a 
result,  everyone  knows  who  is  working 
on  what,  how  many  projects  each  staff¬ 
er  is  handling  and  the  general  capacity 
of  the  help  desk  operation.  More  than 
75%  of  the  requests  for  help  (there  are 
more  than  600  a  month)  now  come  via 
e-mail  rather  than  phone. 

The  flexibility  of  help  desk  software 
is  an  asset  to  be  exploited.  The  credit 
union’s  IT  team  of  22  uses  HelpStar  to 
help  allocate  resources  and  improve 
department-to-department  communi¬ 
cations. 

Rethink  what  your  help  desk  soft¬ 
ware  can  do,  and  you  just  might  polish 
IT’s  positive  profile.  And  that’s  far 
from  boring.  ©  42055 

MICHAEL 

GARTENBERG 

|  Security  Woes 
Aren’t  Unique 
To  Microsoft 

OVER  THE  PAST  few 
months,  a  number  of 
publicized  security 
issues  have  highlighted  the 
fragility  of  today’s  systems 
and  our  dependence  on  them. 

There  has  also  been  a  lot  of  finger- 
pointing  at  Microsoft,  and  many  are 
questioning  whether  the  company  can 
ever  resolve  the  security  problems  that 
seem  to  plague  many  of  its  products. 

First,  it’s  important  to  understand 
that  security  concerns  aren’t  new. 

From  the  earliest  mainframes,  there 
have  been  security  updates  from  man¬ 
ufacturers.  Most  users  just  never  knew 
about  them  or  weren’t  affected  by 
them.  In  today’s  mobile,  interconnect¬ 
ed  world,  everyone  is  affected  by  secu¬ 
rity  problems  and,  therefore,  security 
flaws  make  news. 

Sure,  Microsoft’s  security  snafus  are 
easy  targets  for  critics,  but  the  truth  is 
that  the  company  is  doing  a  good  job 
shouldering  responsibility  for  issues 
related  to  its  software.  It’s  time  for  IT 
departments  and  end  users  to  begin  to 
shoulder  some  of  the  responsibility. 


We  need  to  stop  acting  like 
small-town  folks  who  leave 
their  doors  unlocked  at 
night  and  start  acting  like 
urban  denizens  who  wisely 
lock,  bolt  and  chain  their 
portals. 

I’m  not  Steve  Ballmer,  but 
if  I  were,  I  might  have  han¬ 
dled  the  Windows  security 
problems  differently.  While 
I  would  acknowledge  that 
Microsoft  needs  to  continu¬ 
ally  improve  its  security,  I 
would  have  also  added  that 
it’s  going  to  take  more  than 
the  efforts  of  Microsoft  if 
security  issues  are  going  to  be  re¬ 
solved.  I  would  say,  “IT  managers  need 
to  take  accountability  for  their  sys¬ 
tems,  software  vendors  must  be  re¬ 
sponsible  for  the  correct  installation 
and  maintenance  of  their  programs, 
and  consumers  must  secure  the  digital 
technology  in  their  households.  That’s 
the  price  of  the  advantages  provided 
by  a  digital  lifestyle.” 


I’d  also  add,  “If  you  think 
the  answer  to  your  prob¬ 
lem  is  Linux,  the  CERT  Co¬ 
ordination  Center  has  re¬ 
leased  data  showing  that  16 
of  the  29  security  advi¬ 
sories  it  released  last  year 
involved  Linux  or  open- 
source  products.” 

Although  Microsoft  re¬ 
leases  regular  information 
on  security  issues  and  has  a 
good  track  record  of  releas¬ 
ing  patches  to  known  prob¬ 
lems,  a  lot  of  IT  depart¬ 
ments  simply  ignore  them. 
In  many  cases,  IT  runs  en¬ 
vironments  so  diverse  that  it  simply 
doesn’t  know  which  machines  are  run¬ 
ning  which  operating  system.  Such  ig¬ 
norance  borders  on  incompetence  and 
must  come  to  an  end,  because  it  costs 
everyone  time  and  money  when  inse¬ 
cure  systems  pass  along  viruses  and 
worms  to  the  rest  of  us. 

Finally,  we  need  to  address  the  fun¬ 
damental  nature  of  what  these  security 


attacks  are  all  about.  As  long  as  the 
media  keeps  portraying  the  computer 
criminal  as  the  noble  and  romantic 
hacker,  I  fear  that  more  of  this  behav¬ 
ior  will  occur.  In  the  wake  of  the  recent 
attacks  on  the  nation’s  computer  infra¬ 
structure,  it’s  time  we  started  calling 
the  people  who  perpetrate  these  sense¬ 
less  and  malicious  actions  just  what 
they  are:  criminals  and  terrorists.  Any¬ 
one  who  launched  similar  attacks  on 
any  other  part  of  society’s  infrastruc¬ 
ture  would  have  been  hunted  down 
and  prosecuted  to  the  fullest  extent  of 
the  law. 

But  barring  the  capture  of  all  com¬ 
puter  crackers,  it’s  up  to  users  to  know 
what  systems  they  have  running  and 
how  well  they  are  protected.  It’s  not 
Microsoft’s  fault  if  we’re  ignorant  of 
what’s  inside  our  own  domains. 

©  42067 
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Controversial  Study  Stirs  Security  Debate 


ANY  CIO  worth  his  weight  should 
address  the  issue  of  multiple 
operating  systems  [“Anti-Microsoft 
Security  Report  Mired  in  Politics,” 
QuickLink  41691].  You  don’t  have  to 
run  several  different  operating  sys¬ 
tems,  but  as  part  of  disaster  plan¬ 
ning,  you  should  have  a  minimum  of 
one  operating  system  that  has  al¬ 
ready  been  tested  and  approved  for 
applications  in  all  areas  of  your 
business. 

I  would  by  no  means  run  more 
than  one  desktop  operating  system 
in  my  company,  but  I  have  three 
Linux  distributions  ready  to  go  in 
case  of  a  major  Microsoft  meltdown 
due  to  a  virus  or  security  breach. 
Jason  D.  Blevins 
MIS  director,  Manchester  Tool 
and  Die  Inc.  and  BKB  Manu¬ 
facturing  Inc.,  North  Man¬ 
chester,  Ind.,  jablevins@ 
manchestertoolanddie.com 

The  criminals  who  are  devis¬ 
ing  and  deploying  the  attacks 
on  our  IT  infrastructure  will  do  so  re¬ 
gardless  of  the  hardware,  operating 
systems  and  applications  that  are 
being  used. 

The  IT  community  needs  to  band 
together  to  fight  them  instead  of 
fighting  one  another.  Perhaps  if  we 


concentrate  our  efforts  on  identify¬ 
ing  these  terrorists  and  insisting 
that  they  be  prosecuted  to  the 
fullest  extent  of  the  law,  then  their 
ranks  will  dwindle. 

Bob  Albert 

Director,  systems  development, 
Claritas  Inc.,  Ithaca,  N.Y. 

PLENTY  OF  COMPANIES  have 
maintained  versions  of  their 
software  for  multiple  operating  sys¬ 
tems  for  years.  Having  done  it  my¬ 
self,  I  can  assure  you  that  it  im¬ 
proves  the  quality  of  the  code.  Fur¬ 
thermore,  there  are  companies  that 


I  AM  ENTHUSIASTIC  about  Com- 
pulerworld' s  promise  to  provide 
more  background  so  readers  can 
judge  the  veracity  of  the  claims 
made  in  analyst  reports  or  surveys 
[“A  Question  of  Credibility,"  Quick- 
Link  41489], 

I  wasn't  aware  that  research 
companies  didn’t  disclose  whether 
a  study  was  funded  by  a  vendor  that 
was  the  subject  of  the  research.  I 
find  this  practice  completely  unethi¬ 
cal.  If  a  research  company  is  mar¬ 
keting  itself  as  an  independent  and 
objective  source  of  information,  it 


market  write  once,  run  anywhere 
systems  from  Java  and  Smalltalk 
vendors  that  make  it  easier. 

Thomas  Gagne 

Ferndale,  Mich. 

DID  THE  STUDY’S  AUTHORS 

consider  that  companies  that 
deploy  multiple  operating  systems 
to  avoid  a  single  target  platform 
most  likely  would  cause  an  even 
greater  security  risk  due  to  inexperi¬ 
ence  in  configuring  multiple  operat¬ 
ing  systems? 

Jay  D.  Shelton 
Software  development  man¬ 
ager,  Franciscan  University 
of  Steubenville,  Ohio 


violates  that  claim  when  it  publishes 
research  funded  by  the  subject. 
Most  companies  don’t  have  the 
budget  to  conduct  exhaustive  re¬ 
search  themselves.  That’s  why  we 
share  the  cost  and  pay  research 
companies  to  do  it  on  our  behalf. 

I  am  glad  that  you  raised  our 
awareness  of  this  problem  so  that 
we  can  challenge  our  research  ven¬ 
dors.  I  look  forward  to  reading  your 
magazine  and  being  able  to  make 
more  informed  decisions. 

Mike  Dunn 
Cleveland 


Spam-iquette 

VINCE  TUESDAY  still  doesn’t  get 
it.  In  the  “Spam  Redux"  section 
of  his  Sept.  29  article  [QuickLink 
41210],  he  explained  that  his  com¬ 
pany  sends  only  one  spam  warning 
letter  per  return  address.  But  when 
you  send  even  one  message  to  the 
wrong  address,  you  unduly  pull  the 
recipient  into  a  spam  issue  that  isn’t 
theirs.  Either  apply  resources  to 
track  down  the  source  and  report  it 
to  their  host,  or  do  nothing.  But 
don't  be  part  of  the  problem  by  ask¬ 
ing  innocent  victims  to  investigate 
and  resolve  your  spam  issue. 

Larry  Williams 
Information  security 
administrator, 

Portland,  Ore. 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor.  Computerworld, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701 
Fax:(508)879-4843. 

E-mail:  let1ersfcomputerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

For  more  letters  on  these  and 
other  topics,  go  to 

www.computerwortd.com/letters 


Questioning  the  Ethics  of  Research  Firms 


MICHAEL  GARTENBERG  IS 

research  director  tor 
the  Client  Access  and 
Technologies  group  at 
Jupiter  Research  in 
New  York.  Contact  him 
T  at  i 
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CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from  BMC  Software'  can.  In  fact, 
they  let  you  predict  critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you  can  prioritize  IT 
management,  investments  and  resource  allocations  to  optimize  your 
business  performance.  So  you  can  solidly  align  your  IT  investments 
with  strategic  business  goals.  And  protect  the  delivery  of  vital  business 


services  like  sales,  customer  service,  online  transactions,  logistics 
and  distribution — whatever  is  most  critical  to  your  company's  success. 
It's  enterprise  management  software  that  works  with  your  existing  IT 
resources  to  let  you  manage  what  matters  from  a  business  perspective 
and  execute  with  precision.  Find  out  how  at  www.bmc.com/bsm2 
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ROBUST  OBJECTS 

AND  ROBUST  SQL 


A  RARE  SIGHT  IN 
DBMS  PRODUCTS 


For  your  next  generation  of  applications,  move 
to  the  next  generation  of  database  technology. 

Cache  is  the  post-relational  database  that  com¬ 
bines  high-performance  SQL  for  faster  queries  and 
an  advanced  object  database  for  rapidly  storing 
and  accessing  objects.  With  Cache,  no  mapping 
is  required  between  object  and  relational  views  of 
data.  That  means  huge  savings  in  both  development 
and  processing  time. 

Applications  built  on  Cache  are  massively  scala¬ 
ble  and  lightning-fast.  Plus,  they  require  minimal  or 
no  database  administration. 

More  than  just  a  database  system,  Cache  incor¬ 
porates  a  powerful  Web  application  development 


environment  that  dramatically  reduces  the  time  to 
build  and  modify  applications. 

The  reliability  of  Cache  is  proven  every  day  in 
“life-or-death”  applications  at  thousands  of  the  world’s 
largest  hospitals.  Cache  is  so  reliable,  it’s  the  leading 
database  in  healthcare  -  and  it  powers  enterprise  appli¬ 
cations  in  financial  services,  government  and  many 
other  sectors. 

We  are  InterSystems,  a  specialist  in  data  manage¬ 
ment  technology  for  twenty-five  years.  We  provide 
24x7  support  to  four  million  users  in  88  countries. 
Cache  is  available  for  Windows,  OpenVMS,  Linux  and 
major  UNIX  platforms  -  and  it  is  deployed  on  systems 
ranging  from  two  to  over  10,000  simultaneous  users. 


InterSystems/' 

£  CACHE 

Make  Applications  Faster 

Try  a  better  database.  For  free. 

Download  a  free,  Hilly-functional,  non-expiring  version  of  Cache  or  request  it  on  CD  at  www.InterSystems.com/robust 


C  2003  IntcrSyuoro  Corporation  All  njthtt  tocned  lntcrSvitem*  Cache  »  t  rtgutered  trademark  of  ImerSywem*  Corpoonon  703 
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QUICKSTUDY 

SPML 

Services  Provisioning  Markup  Lan¬ 
guage  is  an  XML-based  framework  for 
exchanging  user,  resource  and  service 
^  provisioning  information  between  ap- 
lU  plications  and  organizations.  Page  40 

SECURITY  MANAGER'S  JOURNAL 

Child  Porn  Gets  by  Filters;  Feds  Follow 

After  investigators  discover  that  an  employee  at 
Mathias  Thurman’s  company  has  been  sharing 
child  pornography  online,  the  security  manager 
must  provide  data  to  law  enforcement  officials. 

Page  42 

OPINION 

Six  Things  1  Hate  About  IT 

Robert  L.  Mitchell  gets  a  few 
things  off  his  chest,  such  as  his 
feelings  about  “solutions,”  irre¬ 
sponsible  vendors  and  canned 
analyst  quotes.  Page  44 

SUBMERGING  TECHNOLOGIES: 


These  technologies  are 
rapidly  taking  on  water. 

Is  it  time  to  jump  ship? 

BYGARYH.ANTHES 
AND  ROBERT  L.  MITCHELL 


Most  corporate  IT  organizations  have 

steering  committees  to  craft  strategies  for 
new  technologies,  chief  technology  offi¬ 
cers  to  assess  new  products,  and  IT  poli¬ 
cies  and  procedures  for  developing  and 
buying  new  hardware  and  software. 

But  where  are  the  review  committees  for  obsolete 
technologies?  Who’s  looking  at  what’s  in  the  data 
center,  on  desktops  and  in  briefcases  to  see  if  they 
still  make  sense?  Who’s  checking  to  see  if  spare 
parts,  vendor  support  and  employees  with  the  right 
skills  will  be  available  next  month  —  or  next  year? 

In  most  companies,  no  one  is  doing  those  things  in 
any  rigorous  way,  says  John  Parkinson,  chief  technol¬ 
ogist  for  the  Americas  region  at  Cap  Gemini  Ernst  & 
Young  in  Chicago.  “I  know  of  very  few  companies 
that  actively  manage  sunsetting  their  IT,”  he  says. 
“They  think  it  will  last  forever.” 

It  doesn’t,  of  course.  But  in  most  cases,  there’s  no 
need  to  rush:  “No  tool  is  really  outdated  if  it  serves 
the  needs  of  end  users,”  says  Eric  Goldfarb,  CIO  at 
PRG-Schultz  International  Inc.  in  Atlanta.  Howev¬ 
er,  IT  managers  who  wait  too  long  may  risk  being 
forced  into  expensive  last-minute  changes  to  accom¬ 
modate  new  technology  initiatives  as  business  needs 
change.  That  IP  telephony  call  center  application 
won’t  fly  if  you  have  to  replace  not  only  the  private 
branch  exchange  but  also  update  network  cabling 
and  those  nonswitched,  shared-media  Ethernet  hubs. 

Parkinson  says  that  for  each  type  of  software  and 
hardware  installed,  companies  should  have  an  esti¬ 
mated  cost  and  date  to  replace  it  and  an  estimated 
cost  to  retain  it.  “You  really  should  have  this  in  the 
plan  when  you  [buy],  otherwise  you  won’t  know 
what  ROI  to  expect,”  he  says. 

Of  course,  some  technologies  need  closer  scrutiny 
than  others.  So  Computerworld  asked  corporate  IT 
managers  and  analysts  what  items  they  would  put  at 
the  top  of  their  lists.  Some  of  them  may  justify  an 
immediate  rip-and-replace  strategy:  others  should  be 
put  on  your  “endangered”  list.  Here  are  five  sub¬ 
merging  technologies  to  watch  in  2004: 


1  WINDOWS  9x 

WHY  IT’S  SINKING:  Can  92  million  users  be 
wrong?  Yes.  Declining  support,  reliability  prob¬ 
lems,  security  issues  and  incompatibility  with  new 
applications  should  drive  the  remaining  installed  base 
to  Windows  2000  or  XP. 

No  obsolete  technology  is  in  wider  use  than  the 
9x  versions  of  Microsoft  Corp.’s  operating  system. 

Continued  on  page  32 
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IBM  recommends  Microsoft®  Windows®  XP  Professional  for  Business. 

Warranty  Wcrmation:  for  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0.  Box  12195,  RTP,  NC  27709,  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services.  ‘Prices  do  not  include  tax  or  shipping  and  are  subject  to 
1  •’ ''  itl'.out  notice.  Reseller  prices  may  vary  ’Public  access  not  available  in  all  areas.  Access  fees  may  apply.  'Requires  download  of  client  software.  3Based  on  IEEE  802.11b.  This  wireless  LAN  product  has  been  designed  to  permit  legal  operation  worldwide  in  regions  in  which  it  is  approved.  Operation 
;>n  channels  12-u  is  not  permitted  In  all  regulatory  regions  of  the  world.  Consequently,  the  wireless  LAN  feature  is  limited  to  operate  on  channels  1-11  and  will  not  support  channels  12, 13  and  14.  This  product  has  been  tested  and  certified  to  be  interoperable  by  the  Wireless  Ethernet  Compatibility 
A!,:ar‘C3  and  is  authorized  to  carry  the  Wi-Fi  logo.  ‘For  ThinkPad  and  NetVista  models  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  may  be  up  to  64MB  less  than  the  amount  stated,  depending  on  video  mode.  'GB  =  1.000,000.000  bytes  when 
f  ^erring  to  storage  capacity.  Accessible  capacity  is  less;  up  to  3GB  is  used  in  service  partition.  These  model  numbers  achieved  eTesting  Labs.  Inc.’s  BatteryMark™  4.0.1  or  the  Ziff  Davis  Media,  Inc.’s  Business  Winstone®  2002  BatteryMark  Version  1.0  Battery  Rundown  Time  of  at  least  the  time  shown. 
This  test  was  pei formed  without  independent  verification  by  the  VeriTest  testing  division  of  Lionbridge  Technologies,  Inc.  (“VeriTest”)  or  Ziff  Davis  Media,  Inc.;  neither  Ziff  Davis  Media,  Inc.,  nor  VeriTest  makes  any  representations  or  warranties  as  to  these  test  results.  Winstone  is  a  registered  trademark 
an c  BatteryMark  is  a  trademark  of  Ziff  Davis  Publishing  Holdings,  Inc.,  in  the  U  S.  and  other  countries.  A  description  of  the  environment  under  which  the  test  was  performed  is  available  at  ibm.com/pc/wwAhinkpad/batterylife  Battery  life  (and  recharge  times)  will  vary  based  on  many  factors  including 
scieer.  highness  applications,  features,  power  management,  battery  conditioning  and  other  customer  preferences.  'Includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable;  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options, 
i  hr, ness  :nay  vary  at  certain  points  on  the  system.  *Some  software  may  differ  from  its  retail  version  (if  available)  and  may  not  include  user  manuals  or  all  program  functionality.  Software  license  agreements  may  apply.  Telephone  support  may  be  subject  to  additional  charges.  If  a  machine  is  listed  as 
hav:n')  “Onsite  service  for  select  repairs"  or  "Limited  onsite  service,”  this  means  that  onsite  service  is  available  only  for  the  replacement  of  select  parts.  For  all  other  warranty  repairs,  IBM  will  provide  the  customer  a  replacement  part  for  customer  installation.  The  parts  for  which  onsite  service  is  available 
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Take  off  to  parts  unknown  with  an  IBM  ThinkPad®  wireless  notebook. 
The  world’s  easiest  way  to  switch  between  wired  and  wireless. 


Wherever  you  want  to  work,  the  sky  is  the  limit  when  you  have  IBM  ThinkPad 
notebooks  with  Access  Connections  software  and  wireless  Intel®  Centrino™  mobile 
technology  (on  select  models).  Now  it’s  easier  than  ever  to  switch  between  wired  and 
wireless  networks  —  whether  you’re  at  an  airport,  the  office,  an  Internet  cafe,  even 
your  kitchen.1  So  consider  the  IBM  ThinkPad  wireless  notebook,  and  experience  a 
whole  new  level  of  wireless  possibilities,  think  frGGdOm 


1  866  426-1037  I  ibm.com/shop/m530 

Save  on  shipping.  Order  online.11 


NEW!  IBM  ThinkPad  T40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0 

System  Features: 

•  Intel  Centrino™  mobile  technology 

-  Intel  Pentium  M  processor  1 ,3GHz  supports 
Enhanced  Intel  SpeedStep  technology'® 

-  Intel  PRO/Wireless  Network 
Connection  802.1  lb* 

•  14.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM  std/2GB  max 

•  30GB  hard  drive5 

•  Ultrabay™  Slim  DVD-ROM 

•  5.0-hr  battery  life"  •  4.5-lb  travel  weight 

•  Microsoft  Windows"  XP  Professional* 

•  1-yr  system/battery  limited  warranty' 

$1,549* 

M  NavCode  2378D2U-M530 

ServicePac1  Service  Upgrade:’  ’ 

3-yr  Onsite  Repair/9x5/Next  Business 
Day  Response 
(#30L91 95)  *243 

NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0 

System  Features: 

•  Intel  Centrino™  mobile  technology 

-  Intel'  Pentium  M  processor  1.3GHz.supports 
Enhanced  Intel  SpeedStep  technology1 

-  Intel  PRO/Wireless  Network 
Connection  802.11b 

•  14-.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM  std/IGB  max 

•  20GB  hard  drive 

•  Ultrabay  Plus  CD-RW/DVD-ROM  combo  drive 

•  6.1  -hr  battery  life  •  5.6-lb  travel  weight 

•  Microsoft  Windows  XP  Professional 

•  1  -yr  system/battery  limited  warranty'  .  , .  . 


$1,299* 


*  NavCode  289723U.-M530 
ServicePac  Service  Upgrade:  " 


2-yr  Onsite  Repair/9x5/Next  Business. 
Day  Response 
(W0L9189)  ‘197 


varies  by  machine,  but  may  include  the  processor,  power  supply,  heat  sink,  system  board  or  base  cover.  To  determine  the  complete  list  of  parts  for  which  onsite  service  is  available  for  a  particular  machine,  contact  IBM  I8M  wili  attempt  to  diagnose  and  msolve  any  problems  remotely  oelore  sending 
a  replacement  part  or  technician "These  services  are  available  tor  machines  normally  used  lor  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes  Not  all  machine  types  and  models  are  covered  Service  period  beg.ns  with  the  equipment  dale  of  peruse 
Service  must  be  purchased  during  the  original  limited  product  warranty  period.  Service  levels  are  response-time  obiectives  and  are  not  guarantees  A  service  technician  is  scheduled  to  arrive  at  your  location  within  two  or  lour  business  hours  or  the  next  business  day  (depend.' .g  on  Sergei  ah  ;;  -  ■  - 
problem  determination  is  completed.  For  the  9x5x4-hour  service,  calls  dispatched  alter  1:00  p.m.  local  time,  you  can  expect  the  service  technician  to  arrive  by  the  morning  of  the  next  business  day.  For  noncntical  service  requests,  a  serv.ee  technician  will  arrive  by  the  end  of  the  following  business  d.’v 
If  the  machine  problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  External  peripherals,  such  as  raws,  tape  drives  and  channel  controllers  require  then  >.\  >  c*j  ■'  jv  • 
coverage:  they  are  not  covered  under  the  attached  Machine.  Service  activation  is  required  immediately  following  purchase.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at  the  depot  repair  center  For  failing  non  CBM  compo-e-ts.  cusiomer 
must  provide  replacement  part  unless  IBM  has  a  Technical  Support  Agreement  with  the  manutacturer.  Service  does  not  cover  accessories,  supply  items  and  certain  parts  such  as  batteries,  trames  and  covers.  Standard  shipping  included  when  you  order  online  U  S  or  y  W'th  Intel  SpeedStep  :;  mess  s 
speed  may  be  reduced  to  conserve  battery  power  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice  IBM  is  not  responsible  for  photographic  or  typographic  errors  All  IBM  product  names  are  registered  trademarks  or  tivcemnrks  ct  irterrat  /  ^  c 
Machines  Corporation  in  the  U  S  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus  Development  Corporation,  an  IBM  Company  Intel,  Intel  Inside,  the  Intel  Inside  logo.  Celeron.  Intel  Centnno.  the  Inlet  Centnno  mge  and  Pentium  are  tradem  irks  or  rrgrfere t  rj.'-narr.  oi 
Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others  ©  20C3  IBM  Corp  All  r.gnts  rese'/ed 
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Continued  from  page  29 

“Windows  9x  is  getting  to  be  pretty  much  unsustain¬ 
able,”  says  Tony  lams,  an  analyst  at  D.H.  Brown  As¬ 
sociates  Inc.  in  Port  Chester,  N.Y.  Indeed,  many  com¬ 
panies  have  already  migrated  to  Windows  2000  Pro¬ 
fessional  to  gain  the  reliability  of  an  operating  sys¬ 
tem  built  on  the  more  stable  NT  kernel. 

But  eradicating  Windows  9x  won’t  come  easy:  IDC 
in  Framingham,  Mass.,  estimates  that  by  year’s  end, 
there  will  still  be  17  million  Windows  95  installations, 
48  million  Windows  98  users  and  27  million  ma¬ 
chines  still  running  Windows  Me.  And  the  majority 
of  those  are  business  PCs,  claims  IDC  analyst  Dan 
Kuznetsky.  “In  the  long  term,  it  will  probably  be  less 
costly  to  upgrade  [to  Windows  XP],  just  because  the 
NT  kernel  is  much  more  reliable,”  he  says. 

But  what  if  your  organization  has  waited?  Should 
you  go  directly  to  XP,  wait  for  the  next  generation 
(code-named  Longhorn)  or  choose  something  else? 

Don’t  hold  your  breath  for  Longhorn:  It  isn’t  due 
to  arrive  until  2005  at  the  earliest.  Linux  is  a  widely 
touted  option,  but  for  many  the  idea  of  replacing 
thousands  of  Windows  installations,  training  users 
on  a  new  operating  system  and  getting  it  to  work 
with  existing  Windows  applications  is  a  nonstarter. 

Tom  Pratt,  information  systems  manager  at  Coastal 
Transportation  Inc.  in  Seattle,  says  he  has  no  plans  to 
abandon  Windows  98.  The  applications  running  on 


his  boats  won’t  run  on  anything  else,  and  it’s  perfect¬ 
ly  satisfactory  for  his  office  applications  as  well,  he 
says.  Can  Pratt  stay  on  Windows  98  forever?  “Forever 
is  a  funny  term,”  he  says.  “Let’s  just  say  ‘indefinitely.’  ” 

But  John  Montgomery,  chief  technology  officer  at 
Marine  Terminals  Corp.  in  Oakland,  Calf.,  is  making  the 
move  to  Windows  2000.  “Our  newer  applications  are 
not  going  to  run  on  [Windows  9x],”  he  says.  “The  main 
reason  why  Windows  9x  is  still  out  there  is  for  legacy 
applications  that  it  took  us  quite  a  while  to  get  rid  of.” 

CUENT/SERVER  COMPUnNG 

WHY  IT’S  SINKING:  Two-tier  computing  with  fat 
clients  had  its  day,  but  there  are  now  better  ways 
to  distribute  data  and  computing  power  for  flexi¬ 
bility,  ease  of  maintenance  and  business  continuity. 

The  original  client/server  scheme  —  where  the  ap¬ 
plication’s  visual  presentation  and  business  logic  re¬ 
side  on  the  desktop,  and  data  resides  on  a  server  —  is 
an  idea  whose  time  has  passed.  It’s  being  replaced  by 
Web  browser  clients,  n-tier  systems  and  Web  services. 

Why  should  users  replace  their  two-tier  systems? 
“Flexibility  would  be  the  big  reason,  and  some  issues 
around  business  continuity  and  disaster  recovery,” 
Parkinson  says.  “Also,  a  lot  of  that  software  was  built 
with  second-generation  client/server  tools,  like  [Sy¬ 
base’s]  PowerBuilder  and  SQL  Windows,  and  things 


have  moved  on  a  lot  since  those  days.”  It’s  becoming 
harder  to  Fmd  people  with  those  skills  and  to  get  the 
object  code  to  run  well  on  newer  technology,  he  adds. 

Randy  Heffner,  an  analyst  at  Forrester  Research 
Inc,  in  Cambridge,  Mass.,  makes  a  distinction  be¬ 
tween  mission-critical  enterprise  systems  and  “low- 
affordability,”  or  departmental,  applications.  “Strate¬ 
gic  applications  should  never  be  developed  in  the 
traditional  fat-client,  two-tier  client/server  model,” 
he  says.  “The  business  logic  becomes  inaccessible 
and  hard  to  maintain.  Instead,  the  right  approach  is  a 
service-based  design  —  that  is,  to  build  a  business 
services  layer  in  the  application  that  can  be  exposed 
via  Web  services  or  any  other  mechanism.” 

But  two-tier  computing  with  fat  clients  is  still  the 
best  approach  for  companies  such  as  PRG-Schultz,  a 
$500  million  “recovery  audit”  company  that  analyzes 
clients’  accounts  payable  records  to  see  whether 
they’ve  overpaid.  “Because  of  the  creative  work  our 
auditors  do  on  their  desktops  —  data  mining,  analy¬ 
sis  —  we  keep  a  lot  of  computation  there,”  Goldfarb 
says.  Response  time  is  enhanced  by  keeping  the  pow¬ 
er  local  rather  than  relying  on  a  network,  he  says. 

Jim  Honerkamp,  CIO  at  Clopay  Corp.  in  Mason, 
Ohio,  has  found  a  way  to  extend  the  lives  of  his  two- 
tier,  fat-client  applications.  He  replaced  desktop  PCs 
with  Windows  thin-client  terminals  from  Wyse  Tech¬ 
nology  Inc.  and  moved  the  client  code  to  a  MetaFrame 
server  from  Citrix  Systems  Inc.  “This  allows  you  to  put 
a  very  thin  client  on  the  desktop,  and  it  greatly  simpli¬ 
fies  support  on  the  desktop,”  he  says.  “The  application 
thinks  it’s  still  running  in  a  client/server  environment.” 

IBM  SNA/PROPRIETARY  NETWORKS 

WHY  IT’S  SINKING:  Proprietary  network  proto¬ 
cols  are  so  20th  century,  getting  shoved  aside  by 
the  power  and  ubiquity  of  TCP/IP.  Migration  will 
ease  support  and  interoperability  concerns. 

“All  proprietary  protocol  stacks  —  such  as  SNA, 
DECnet,  AppleTalk,  Novell  IPX/SPX  —  are  in  great 
decline,”  says  Jonathan  Eunice,  an  analyst  at  Illumi- 
nata  Inc.  “Over  time,  TCP/IP  has  taken  on  their  jobs 
—  a  process  that  continues  as  TCP/IP  products  con¬ 
tinue  to  improve  with  multigigabit  switches,  quality- 
of-service  techniques  and  so  on.” 

You  don’t  have  to  scrap  those  old  IBM  main¬ 
frame/SNA/3270  applications  right  away.  You  can 
run  Data  Link  Switching  over  an  IP  network,  which 
encapsulates  SNA  traffic  in  an  IP  wrapper,  and  leave 
the  application  and  the  SNA  hardware  unchanged. 
But  you’ll  pay  a  performance  penalty  to  do  that. 

“There  are  a  lot  of  Band-Aid  solutions,  but  ulti¬ 
mately  the  idea  is  to  move  the  application  to  Unix  or 
something  and  make  it  IP  native,”  says  David  Pass- 
more,  an  analyst  at  Burton  Group  in  Sterling,  Va.  “If 
you  can’t  rewrite  or  replace  the  application,  consider 
software  that  maps  old  IBM  3270  terminal  to  Java- 
based  browser  interface.” 

David  Pensak,  senior  research  fellow  in  advanced 
computation  at  Du  Pont  Co.  in  Wilmington,  Del.,  says 
he  still  has  printers  on  an  AppleTalk  network.  “Why 
get  rid  of  it?  The  printers  are  fully  depreciated,”  he 
says.  Pensak  says  he  also  has  an  AppleTalk  network  at 
home,  adding,  “I  won’t  replace  it  until  I  get  a  new 
computer,  and  maybe  not  then.”  But  he  says  he  has 
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Early  WLANs  installed  in  warehouses  and  manufacturing  floors  won’t  work  with 
802.11b.  Integration  requires  an  upgrade. 

They  save  space,  eliminate  cables  and  lower  costs  by  sharing  power  supplies  and 
connectivity. 

Color  laser  printers  used  to  cost  thousands:  now  they're  well  under  $1,000.  And  col¬ 
or  laser  cartridge  changes  are  less  frequent  -  and  less  messy. 

Flicker-free  LCDs  reduce  eyestrain;  the  tubeless  design  saves  on  desk  space,  and 
the  LCDs  are  less  environmentally  hazardous  at  disposal  time  than  CRTs. 

Dot-matrix  printers  are  still  good  for  multipart  forms,  but  as  volumes  have  fallen, 
prices  have  jumped  above  those  of  both  ink-jet  and  low-end  laser  printers. 

Newer  switches  are  inexpensive,  a  prerequisite  for  IP  telephony,  and  typically  sup¬ 
port  Simple  Network  Management  Protocol  for  remote  manageability. 

Why  maintain  file  servers  for  shared  storage  when  you  can  plug  in  a  simple 
appliance? 

What  fits  on  1.44MB  of  disk  space  anymore? 

Increased  stability  makes  this  upgrade  a  no-brainer. 

With  WLANs  expanding  across  offices,  public  spaces  and  hotels,  the  modem,  with 
its  56Kbit/sec.  speed  limit,  is  fast  becoming  the  computing  equivalent  of  an  automo¬ 
bile's  limited-service  spare  tire  -  used  only  in  emergencies,  at  low  speeds. 

With  applications  that  require  an  integrated  voice/data  network  already  emerging,  an¬ 
other  long-term  investment  in  a  digital  PBX  at  this  point  probably  doesn't  make  sense. 

Free  up  your  pockets!  New  hybrid  models  are  finally  reaching  a  size  and  price  where 
a  single,  integrated  device  makes  sense. 

The  ports  won't  go  away  on  PCs  anytime  soon,  but  for  new  hardware,  Universal  Seri¬ 
al  Bus  peripherals  are  faster  and  often  easier  to  set  up. 

Ethernet:  Cheap  and  ubiquitous.  Token  Ring:  Expensive,  with  limited  vendor 
sources.  Any  questions? 

Support  will  disappear  soon  -  as  will  all  those  security  patches  and  updates. 
CD-ROM  drives  are  inexpensive  and  ubiquitous,  and  the  media  are  cheaper. 


Every  day,  throughout  the  U.S.  and 
around  the  globe,  the  National  Cristina 
Foundation  is  putting  donations  of  used 
and  obsolete  computer  equipment  to 
work — at  no  charge  to  donors  or 
recipients — helping  train  people  with 
disabilities,  students  at  risk  and  those 
who  are  disadvantaged  to  become  more 
independent  and  productive  in  their  lives. 

Go  to  www.cristina.org  to  discover 
how  you  and  your  company  can  make 
a  difference  to  people  in  need  and  at 
the  same  time  efficiently  dispose  of 
used  or  obsolete  technology. 

Contact  National  Cristina  Foundation 
for  easy  disposal  of  your  used  or 
obsolete  computer  technology. 

•  No  charge  to  donors  or  to  recipients 
for  our  service 

•  Provides  logistical  support  that 
eliminates  transfer  costs  and  reduces 
storage  costs 

•  Assures  that  all  organizations  that 
receive  donations  through  our  process 
are  pre-screened  for  eligibility 

•  Customizes  your  philanthropic  efforts 
in  the  communities  in  which  you 
conduct  business 

•  Provides  records  to  support  your 
tax  deductions 


500  West  Putnam  Avenue,  Greenwich  CT  06830 
Tel:  (203)  863-9100  •  Fax:  (203)  863-9230  •  Email:  ncf@cristina.org  •  www.cristina.org 
A  non-profit  foundation  dedicated  to  the  support  of  training  through  donated  technology. 
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dumped  his  old  DECnet  applications.  “TCP/IP  is  so 
much  better;  it  does  so  much  more,”  Pensak  says. 


4  TAPE  BACKUP 

WHY  IT’S  SINKING:  Tape  is  cheap,  but  disk  tech¬ 
nology  is  closing  the  cost  gap.  For  day-to-day 
backups,  disk-to-disk  systems  that  use  inexpen¬ 
sive  ATA  technology  make  sense. 

Although  magnetic  tape’s  cost  per  megabyte  will 
give  it  a  role  in  keeping  archival  records  for  years  to 
come,  better  technologies  and  techniques  are  erod¬ 
ing  tape’s  dominance  for  day-to-day  backup  and  re¬ 
covery  tasks.  “It  will  be  replaced  by  other  kinds  of 
protection,  like  journaling  and/or  replication,  snap¬ 
shots  or  point-in-time  copies,”  says  Dave  Freund,  an 
analyst  at  Illuminata  in  Nashua,  N.H. 

Several  technologies  are  changing  the  basic  ap¬ 
proach  to  data  backup.  Disk-to-disk  backup  systems 
based  on  relatively  inexpensive  ATA  storage  can 
rapidly  back  up  and  restore  entire  networks.  Snap¬ 
shot  features  such  as  Network  Appliance  Inc.’s  Snap- 
Mirror  allow  rapid  imaging  of  a  system.  One  indica¬ 
tion  that  such  software  tools  are  becoming  main¬ 
stream  is  Microsoft’s  inclusion  of  its  Shadow  Copy 
snapshot  feature  in  Windows  2003  Server. 

The  more  sophisticated  tools  can  also  briefly  “qui¬ 
esce,”  or  pause,  applications  such  as  databases  and 
flush  the  caches  for  copying  without  bringing  the  sys¬ 
tem  down.  “We  believe  that  five  years  from  now,  most 
medium-  and  large-sized  customers  will  be  using 
snapshots  on  disk  as  the  primary  recovery  media,” 
says  Bob  Passmore,  an  analyst  at  Gartner  Inc.  “But  that 
doesn’t  mean  tape  is  going  away  in  the  next  12  months.” 
Alternatives  just  aren’t  well  known  yet,  he  says. 

“I  wouldn’t  consider  tape  old  technology,”  says 
PRG-Schultz’s  Goldfarb,  whose  company  backs  up 
165TB  of  data  onto  a  gigantic  IBM  3590  tape  system. 
He  says  tape  will  be  his  medium  of  choice  for  three 
to  five  more  years.  But  Goldfarb  says  it  will  eventual¬ 
ly  be  replaced  with  disk-to-disk  or  Flash  Erasable 
Programmable  read-only  memory  backup  systems. 


5  VISUAL  BASIC  6 

WHY  IT'S  SINKING:  As  Microsoft  gradually  with¬ 
draws  support  from  Visual  Basic  6  and  program¬ 
mers  abandon  it  for  Visual  Basic  .Net,  those  old 
VB  6  applications  will  get  harder  and  harder  to  maintain. 

Visual  Basic  6  may  be  the  most  popular  program¬ 
ming  language,  but  its  days  are  numbered.  “VB  6  is  the 
dinosaur  of  old.  There’s  tons  of  legacy  code  out  there, 
but  no  self-respecting  developer  wants  to  go  there 
anymore,”  says  Dan  Mezick,  president  of  New  Tech¬ 
nology  Solutions  Inc.,  an  IT  training  firm  in  North 
Haven,  Conn.  As  a  result,  the  talent  pool  for  maintain¬ 
ing  VB  6  code  is  already  shrinking.  And  Microsoft  will 
phase  out  support  for  VB  6  in  favor  of  Visual  Basic 
.Net  in  the  next  two  to  four  years,  says  Mezick. 

PRG-Schultz  has  a  number  of  VB  6  applications 
but  is  writing  all  new  ones  in  VB  .Net.  Goldfarb  says 
that  in  12  months,  he’ll  have  more  VB  .Net  applica¬ 
tions  than  VB  6  applications.  “Right  now,”  he  says, 
“I’m  straddling  both  sides  of  the  stream.”  ©  41762 


Windows  98 
or  Visual  Basic 
6  applications 
just  because 
they’re  old  hat? 

FRANK  HAYES 


STAY  THE  COURSE 

HOLD  ON  -  why  exactly  are  we  dumping  in  mind  what  you  lose  when  you  throw  away 

mature  technology.  You  lose  stability.  And  the 


these  ■^ng”  technologies?  Because 
they’re  not  hot?  Becauihey’re  not  sexy? 
Because  all  they  do  is  work? 

The  word  to  describe  them  isn’t  submerg¬ 
ing.  The  right  word  is  mature.  Owah/Ar 
effective. 

Why  get  rid  of  Windows  98  or  \zHl  Basic 
6  applications  just  because  they’re  old  hat?  If 
you  want  users  to  have  the  hottest,  flashiest 
software  available,  buy  every  employee  a 
PlayStation  2  or  an  Xbox.  Now  that’s  cost- 
effective  flashiness.  But  flashiness  doesn’t 
make  the  business  run. 

Sure,  tape  backup  and  two-tier  client/serv¬ 
er  and  SNA  networksBo  grandpa’s  IT.  And  if 
they  no  longer  do  the  job,  and  there’s  a  cost- 
effective  replacement  that  meets  your  compa¬ 
ny’s  needs,  you  should  retire  them.  If  they’re 
actually  standing  inHway  of  business  goals, 
boot ’em  out  fast. 

But  if  a  system  still  does  the  job,  and  you’re 
just  trying  to  keep  up  with  industry  fads,  keep 


confidence  of  having  technology  that  vwks. 
And  the  expertise  that  both  IT  staffers  and 
users  have  developed. 

And  what  do  you  gain  by  swapping  it  out 
for  the  latest  and  greatest?  You  gain  bugs. 
And  a  big  bill  for  training.  And  a  giant  bull’s- 
eye  pasH  on  your  organization’s  back,  sice 
crackers  and  worm  designers  and  script  kid¬ 
dies  put  their  efforts  into  breaking  the  most 
current  operating  systems,  not  dusty  old  stuff 
from  five  years  ago. 

Technology  is  complicated  enough  when 
IT  departments  stay  focused  on  what  the 
business  really  needs.  There  are  plenty  of 
places  irlvery  IT  shop  that  truly  need  the  up¬ 
grades  and  deserve  the  dollars  they’ll  cost. 

But  if  you’re  merely  mortified  because 
some  piece  of  technology  fiappens  to  come 
from  a  previous  millennium,  forget  your  em¬ 
barrassment  and  invest  in  a  bumper  sticker: 
“Don’t  laugh  -  it’s  paid  for.” 


planning  to 
dump  them 
before  they 
dump  on  you. 

MARK  HALL 


LET’EM  SINK 


VISIT  THIS  WEB  SITE  to  see  the  success¬ 
ful  use  of  an  old  t^Hogy  this  ll  chug¬ 
ging  away:  http://aurejac.dyndns.org  It  uses  a 
1986  Mac  Plus  with  an  800KB  floppy  disk  as 
a  Web  server.  So  the  site’s  author  proves  his 
point:  Old  technology  can  still  function. 

But  doing  what?  Nothing  but  proving  a 
silly  point. 

Technologies,  like  people,  get  old,  slow  and 
cranky.  But  unlike  us,  they  don’t  have  to  die. 
They  often  continue  to  function  long  after  they 
should  have  been  dead  and  buried.  That’s  the 
case  with  the  technologies  cited  in  this  story. 
It’s  time  to  start  planning  to  dump  them  before 
they  dump  on  you. 

Sure,  your  motto  may  be,  “If  ain’t  broken, 
don’t  fix  it,"  let  alone  replace  it.  But  don’t  wait 
too  long,  or  you’ll  wake  up  one  day  with  a 
technology  that  has  zero  vendor  support,  no 
spare  parts  or  security  patches,  and  only  a 
few  crotchety  IT  pros  playing  bingo  in  Rorida 
who  know  how  to  make  it  work. 

In  contrast,  by  keeping  your  IT  systems  rel¬ 


atively  current,  you  can  assure  your  users 
that  they’re  getting  top-level  performance 
with  the  fewest  possible  bugs,  advanced 
features  to  improve  productivity  and  the  best 
security  available. 

Of  course,  the  hard  reality  of  tight  bud¬ 
gets  can  dictate  how  often  you  can  refresh 
your  systems.  But  don’t  let  money  woes 
be  your  excuse  for  holding  on  to  technolo¬ 
gies  that  simply  have  outlived  their  use¬ 
fulness. 

By  “usefulness,”  I  don’t  mean  that  they 
can  still  do  what  they  once  did.  Or  even,  as 
that  Mac  Plus  site  has  proved,  that  they  can 
do  something  different.  I  mean,  are  they  doing 
work  that  adds  value  to  the  company?  Are 
they  springboards  to  new  business  opportuni¬ 
ties?  If  they're  not,  those  technologies  are 
mere  relics. 

So  put  together  a  plan  of  action  to  identify 
and  remove  those  aging  products  from  your 
operations.  If  you  don’t,  they  may  become  the 
reason  you  get  removed. 


Mark  Hall  and  Frank  Hayes  contributed  to  this  story. 
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As  wireless  LANs 
grow,  companies  are 
seeking  ways  to 
monitor  and  manage 
traffic  and  devices. 
The  challenge  is 
picking  the  right 
software  for  the  job. 
By  Drew  Robb 


SETTING  UP  A  WIRELESS  LAN  opens 
up  a  whole  new  set  of  network 
management  challenges:  balancing 
traffic  loads,  running  reports, 
handling  remote  firmware  / 

upgrades,  resolving  channel 
conflicts,  architecting 
for  maximum 

throughput,  supporting  products 
from  multiple  vendors, 
integrating  existing 
management  software 
with  the  new  system, 
and  supporting  a 
variety  of 
devices.  ___ 

When 

ABC  Fine  Wines 
&  Spirits  in  Orlando 
rolled  out  an  802.11b  net¬ 
work  to  152  stores  this  spring, 
remote  software  deployment  was 
the  key.  “Initially,  the  problem  was  get¬ 
ting  the  applications  down  to  the  devices  in 
the  stores,”  says  help  desk  manager  Guy  Ledbetter. 
“Then  we  have  to  manage  the  software  and  firmware 
that  is  on  those  devices,  as  well  as  the  network  con¬ 
nectivity.” 

Fortunately,  as  the  popularity  of  such  net¬ 
works  has  grown,  so  have  the  options  avail¬ 
able  to  monitor  and  manage  them.  The  trick 
is  finding  the  right  tool  out  of  the  dozens  on 
the  market.  In  ABC’s  case,  it  was  Kirkland,  Wash.- 
based  Wavelink  Corp.’s  Avalanche  product,  which  let 
ABC  download  the  software  to  several  hundred  wire¬ 
less  devices  in  its  stores  and  perform  upgrades  later. 

“WLAN  management  is  one  of  the  hottest  areas  of 
technology  right  now  because  these  networks  are 
reaching  the  size,  scope  and  complexity  where  their 
management  limitations  become  very  evident,”  says 
Warren  Wilson,  an  analyst  at  Summit  Strategies  Inc. 
in  Boston.  “This  puts  a  premium  on  simplifying  de¬ 
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ployment  and  operations  and  providing  greater  visi¬ 
bility  into  the  network.” 

The  WLAN  management  market  can  be  broken 
into  two  major  segments.  Some  tools  come  from  the 
hardware  vendors  themselves.  For  example,  manage¬ 
ment  functions  are  built  into  the  switches  from  Aire- 
space  Inc.  and  Aruba  Wireless  Networks  Inc.,  both  in 
San  Jose,  and  Trapeze  Networks  Inc.  in  Pleasanton, 
Calif.  And  Cisco  Systems  Inc.  just  announced  its 
Structure  Wireless-Aware  Network,  a  mix  of  hard¬ 
ware  and  software  that  will  be  available  later  this 
quarter  that’s  designed  as  a  complete  package  for  de¬ 
ploying  enterprise-class  WLANs. 

But  other  products  address  specific  areas  of  man¬ 
agement  pain,  particularly  those  related  to 
encryption,  authentication,  signal  strength 
and  traffic  management.  The  key  is  to 
match  the  capabilities  of  the  software  to  the 
challenges  you  are  trying  to  deal  with. 

For  DiamondCluster  International  Inc.  in  Chicago, 
the  problem  was  finding  a  single  way  to  implement 
security  on  all  its  WLANs.  The  company  arose  out  of 
the  merger  of  North  American  management  consult¬ 
ing  firm  Diamond  Technology  Partners  with  Cluster 
Consulting,  which  had  offices  in  Europe  and  Latin 
America.  Each  of  DiamondCluster’s  nine  offices  has 
its  own  802.11b  WLAN,  with  one  to  eight  access 
points  at  each  location.  But  these  WLANs  grew  up 

Continued  on  page  38 
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With  all  these  points  of  contact,  this  employee  has  increased  her  chances  of  making  a  sale.  It  may  seem  basic,  but  that’s  where  a  decent 
CRM  Programme  starts  -  maximising  your  client  contact  channels.  BT  offers  a  range  of  innovative  CRM  solutions  such  as  outsourced  contact 
centres,  making  sure  that  the  right  information  reaches  the  right  person  at  the  right  time  -  bringing  together  ail  your  customer  information 
in  harmony.  Because  we  all  know  that  in  business,  communication  is  everything.  To  find  out  how  your  business  communications  could  run 
like  your  human  communications,  contact  us  on  1-800-331  4568  or  www.bt.com/globalservices 
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independently,  with  different  authentication  meth¬ 
ods,  depending  on  the  hardware  each  location  used. 
This  significantly  limited  their  usefulness. 

“We  were  looking  for  a  standardized  way  to  secure 
the  wireless  network,”  says  Drew  Jemilo,  IT  director 
of  Internet  technologies  at  DiamondCluster.  “We 
needed  to  make  it  so  that  users  could  go  to  any  net¬ 
work  around  the  globe,  turn  on  their  laptops  and 
connect.” 

Jemilo  wanted  to  do  this  without  replacing  hard¬ 
ware.  So  he  looked  for  a  software-only  system  that 
could  run  on  existing  file  and  print  servers  at  smaller 
offices  while  scaling  up  to  the  needs  of  larger  ones. 

DiamondCluster  piloted  Seattle-based  NetMotion 
Wireless  Inc.’s  Mobility  WLAN  security  and  man¬ 
agement  product.  The  client  software  checks  for  the 
best  available  connection,  whether  wired  or  wireless, 
and  initiates  the  connection  with  the  Mobility  server, 
which  handles  authentication  and  encryption. 

After  finalizing  the  architecture  and  configuration 
options,  DiamondCluster  rolled  Mobility  out  to  all  of 
its  offices,  a  process  that  took  about  six  to  eight  hours 
per  location. 

“There  is  a  lot  of  flexibility  to  using  a  tool  that  is 
platform-independent,”  says  Jemilo.  “It  worked  with 
all  the  wireless  cards  and  all  the  access  points  we  al¬ 
ready  had  in  place.” 

Who  Needs  Them? 

Administrators  have  dozens  of  WLAN  tools  to 
choose  from.  But  which  do  they  really  need? 

“The  ability  to  detect  rogue  access  points  is  essen¬ 
tial,”  says  Ken  Dulaney,  an  analyst  at  Gartner  Inc.  in 
Stamford,  Conn.  “Everything  else  is  ‘nice  to  have.’  ” 

Wilson  agrees  that  companies  with  installations 
under  a  certain  size  can  still  manage  their  networks 
manually.  But  he  says  even  small  WLANs  may  need 
additional  tools  in  the  following  three  cases: 

1.  Dense  usage  areas:  If  you  have  WLAN  access  in  a 
conference  room  and  20  people  are  trying  to  down¬ 
load  a  speaker’s  PowerPoint  presentation,  that  poses 
a  different  set  of  management  challenges  than  an 
area  with  more  distributed  access. 

2.  Radio  frequency  interference:  Certain  areas  have  un¬ 
usually  high  RF  interference,  particularly  in  a  manufac¬ 
turing  or  health  care  environment.  “Factory  machines 
can  emit  constant  or  bursts  of  RF  energy  that  can  dis¬ 
rupt  WLAN  traffic  and  even  be  so  strong  as  to  knock 
out  the  settings  on  an  access  point,”  says  Wilson. 

3.  Poor  quality  of  service:  If  you’re  just  sending  e-mail 
or  application  data,  quality  of  service  isn’t  a  major 
concern.  But  other  types  of  WLAN  traffic,  including 
video  and  voice  traffic,  require  better  service. 

Of  course,  when  you  get  down  into  the  specifics  of 
one  particular  network,  the  broad  rules  don’t  neces¬ 
sarily  apply.  Situations  when  site-survey  tools  are 
used  are  one  such  example. 

“The  site-survey  tools  are  typically  only  used  in 


802.11k  -  Management  Standard  Ahead 


Part  of  the  problem  with  managing  wireless  LANs  is  the 
lack  of  standards  in  this  area.  To  address  this  shortfall, 
the  Institute  of  Electrical  and  Electronic  Engineers  Inc. 
in  New  York  established  a  committee  to  develop  a  new 
standard,  802.11k  -  Radio  Resource  Management.  The 
standard  focuses  on  the  two  key  WLAN  elements:  ac¬ 
cess  points  (AP)  and  PC  Cards. 

According  to  a  committee  paper  laying  out  the  vision 
and  the  architecture,  the  goal  of  802.11k  is  to  make 
measurements  from  Layers  1  and  2  of  the  0SI  protocol 
stack  -  the  physical  and  data  link  layers  -  available  to 
the  upper  layers. 

"This  means  that  it  is  expected  that  the  upper  layers 
can  and  will  make  decisions  about  the  radio  environ¬ 
ment  and  what  can  be  accomplished  in  that  environ¬ 
ment,"  the  paper  states. 

One  feature  802.11k  will  enable  is  better  traffic  distribu¬ 


tion.  Normally,  a  wireless  device  will  connect  to  whatever 
AP  gives  it  the  strongest  signal.  This  can  lead  to  over¬ 
load  on  some  APs  and  underload  on  others,  resulting  in 
lowered  overall  service  levels. 

The  802.11k  standard  will  allow  network  manage¬ 
ment  software  to  detect  this  situation  and  redirect  some 
of  the  users  to  underutilized  APs.  Although  those  APs 
have  weaker  signals,  they  are  able  to  provide  greater 
throughput.  This  will  produce  higher  speeds  for  both 
those  on  the  original  AP  and  the  redirected  users. 

But  don’t  hold  your  breath  waiting  for  it.  According 
to  Gartner  analyst  Ken  Dulaney,  the  standard  won’t  be 
finalized  for  several  years. 

“They  are  trying  to  standardize  measurement  so  we 
can  have  more  third-party  products  measure  more  access 
points,"  he  says,  “but  everything  is  proprietary  currently.” 

-Drew  Robb 


the  initial  deployment  stage,”  says  Aaron  Vance,  an 
analyst  at  Synergy  Research  Group  Inc.  in  Phoenix. 
“They  get  the  ball  rolling  but  are  only  used  once.” 

But  for  the  Cherokee  Nation,  site  surveys  are  an  on¬ 
going  process.  The  tribe  has  a  1.5Mbit/sec.  frame- 
relay  WAN  connecting  offices  and  medical  facilities 
spread  throughout  10,000  square  miles  in  northeast¬ 
ern  Oklahoma,  as  well  as  Gigabit  Ethernet  backbones 
in  most  of  its  buildings.  But  a  dozen  locations  use 
Wi-Fi.  “Some  of  the  remote  nodes  don’t  have  enough 
users  to  pull  fiber  to  the  buildings,”  says  IT  manager 
Jon  James.  “Also,  some  are  in  rented  facilities,  so  we 
can’t  put  wires  in  the  walls.” 

James  needed  an  easy  way  to  conduct  wireless  sur¬ 
veys  at  those  remote  sites.  Although  he  can  put  the 
Cisco  access  points  he  uses  into  survey  mode,  he 
says  that  doing  so  would  still  require  the  technicians 
to  haul  too  much  equipment  around  with  them.  In¬ 
stead,  he  bought  Sunnyvale,  Calif.-based  AirMagnet 
Inc.’s  AirMagnet  Combo,  a  wireless  analysis  tool  that 
works  on  either  a  laptop  or  a  Pocket  PC  device. 

“It  is  a  lot  easier  to  carry  around  the  PDA  than  to  lug 
around  a  laptop  and  all  its  accessories,”  says  James. 

DiamondCluster’s  Jemilo  finds  a  survey  tool  indis¬ 
pensable,  since  his  company  rents  office  space  and 
its  operations  frequently  move  to  new  locations. 

Even  shifting  furniture  within  an  office  can  cause 
problems,  he  says.  For  example,  a  new  file  cabinet 
could  block  the  signal  to  a  desktop  that  formerly  had 
adequate  reception. 

For  Stanford  Law  School  in  Palo  Alto,  Calif.,  the 
problem  wasn’t  conducting  security  or  site  surveys, 
but  determining  an  easy  way  to  manage  what  it  had 
in  place. 

“I  was  getting  no  metrics,  no  reporting,  and  had  no 
way  of  managing  wireless  nodes,”  says  Mike  Noe,  de¬ 
scribing  the  scene  when  he  started  as  director  of  IT 
last  year.  “When  a  professor  requested  that  an  access 
point  be  turned  off  during  an  exam,  one  of  my  guys 
had  to  climb  up  on  a  stepladder  and  unplug  it.” 

Earlier  this  year,  Noe  loaded  the  AirWave  Manage¬ 
ment  Platform  from  AirWave  Wireless  Inc.  in  San 


Mateo,  Calif.,  on  a  small  dedicated  server,  and  the 
software  automatically  detected  all  access  points. 

The  entire  setup  process  took  a  couple  of  hours. 

After  installing  and  configuring  the  software,  Noe 
could  use  its  reporting  features  to  locate  peak  usage 
periods  and  network  choke  points.  While  these  mon¬ 
itoring  functions  are  useful,  Noe’s  favorite  feature  is 
the  ability  to  remotely  manage  the  access  points. 

“Some  of  the  instructors  want  wireless  in  their 
classrooms,  and  some  don’t,”  he  says.  “Now  we  can 
turn  the  access  points  on  or  off  in  a  few  seconds.” 

Fixing  Deficiencies 

As  these  cases  show,  no  single  type  of  tool  will  meet 
the  needs  of  all  administrators.  Each  user  faced  a 
unique  set  of  issues,  and  a  piece  of  software  existed 
to  address  those  issues.  Those  tools  aren’t  inter¬ 
changeable.  They  each  bridge  different  gaps  left  by 
the  hardware  manufacturers  and  other  WLAN  man¬ 
agement  tools  and  systems. 

“Much  of  the  market  for  wireless  management 
tools  has  been  built  on  the  deficiencies  of  the  WLAN 
manufacturers’  offerings,”  says  Christopher  Noble,  a 
London-based  network  and  infrastructure  analyst  at 
The451.  “Until  recently,  with  the  advent  of  larger  cor¬ 
porate  deployments,  the  main  manufacturers  have 
been  lacking  in  their  ability  to  monitor  and  manage 
the  RF  portion  of  wireless  LANs.” 

But  as  the  market  matures,  Noble  and  other  ob¬ 
servers  expect  to  see  more  of  these  features  built 
into  the  access  points  and  switches.  ©  41911 


Robb  is  a  freelance  writer  in  Los  Angeles.  You  can  reach 
him  at  robbeditorial@sbcglobal.net. 


ANSWERS  AND  OPTIONS 

For  a  list  of  WLAN  vendors  and  products,  visit  our  Web  site: 

QuickLink  42090 

How  do  you  avoid  interference?  Is  your  wireless  LAN  really  secure? 
Those  and  other  questions  are  answered  in  this  FAQ  on  WLANs: 

QuickLink  37764 
www.computerwoiid.com 
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Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity  solutions. 
CIOs  and  IT  managers  can  provide  the  mobility  and 
security  of  anytime,  anywhere  access  to  users  — 
while  empowering  everyone  from  the  CEO  to  field 
salesforce  teams  with  the  information  needed  to  do 
their  work  where  and  when  they  choose.  Nokia 
Mobile  Connectivity  solutions  include  a  range  of  IPSec- 
and  SSL-based  client  and  gateway  products  that 


provide  secure,  appropriate  access  to  corporate 
email  and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their  business 
and  personal  lives.  All  solutions  are  easy  to  deploy 
and  manage,  are  based  on  award-winning  technology 
and  are  backed  by  Global  Support  and  Services. 

So  if  you  want  greater  working  freedom  that’s  IT 
approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 
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BY  TOMMY  PETERSON 

As  any  general  knows, 
an  effective  system  for 
distributing  and  man¬ 
aging  appropriate  pro¬ 
visions  for  the  troops  is  essen¬ 
tial  to  success  on  the  battle¬ 
field.  The  same  is  true  of  com¬ 
panies  trying  to  win  wars  in 
the  marketplace.  But  instead 
of  bombs,  bullets  and  MRE 
rations,  a  corporation  must 
provision  access  to  items  like 
cell  phones  and  credit  cards 
and,  perhaps  more  important, 
to  digital  assets,  such  as  net¬ 
works  and  applications. 

The  provisioning  process 
has  always  been  a  security  and 
administrative  nightmare  for 
IT  and  human  resources  de¬ 
partments.  In  the  past,  it  gen¬ 
erated  tons  of  paper,  ate  up  ad¬ 
ministrators’  time  and  caused 
plenty  of  errors  that  resulted 
in  decreased  productivity,  se¬ 
curity  vulnerabilities  and  lost 
physical  assets. 


A  Piece  of  the  Puzzle 

The  advent  of  provisioning 
software  within  identity  man¬ 
agement  systems  has  im¬ 
proved  the  situation.  With 
automation,  companies  have 
a  better  chance  of  keeping 
up  with  the  growing  number 
and  variety  of  systems,  appli¬ 
cations  and  devices  within 
their  organizations.  Automa¬ 
tion  can  also  help  contain  the 
costs  of  managing  user  IDs 
and  permissions. 

But  self-enclosed,  propri¬ 
etary  provisioning  systems  can 
solve  only  a  piece  of  the  prob- 
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SPML 

Scenario 

The  HR  department  of  a  supplier 
company  adds  a  new  employee  to 
its  personnel  system,  which  gener¬ 
ates  an  SPML  document.  The  doc¬ 
ument  is  passed  to  the  supplier's 
provisioning  system,  triggering 
the  creation  of  appropriate  internal 
accounts  for  the  employee.  The 
internal  provisioning  system  for¬ 
wards  an  SPML  request  to  the 
company’s  customer  provisioning 
system  to  create  appropriate 
accounts  there. 


DEFINITION 

Services  Provisioning  Markup 
Language  is  an  XML-based 
framework  for  exchanging 
user,  resource  and  service 
provisioning  information 
between  applications  and 
organizations. 


lem.  As  companies  increasing¬ 
ly  consolidate  their  systems 
and  open  them  up  to  cus¬ 
tomers  and  partners  over  the 
Internet,  the  need  for  a  stan¬ 
dard  that  will  allow  central¬ 
ized  provisioning  within  and 
across  organizations  is  clear  to 
users  and  vendors. 

This  summer,  a  tech¬ 
nical  working  group  of 
the  Organization  for 
the  Advancement  of 
Structured  Informa¬ 
tion  Standards  (OA¬ 
SIS)  publically  unveiled  the 
Services  Provisioning  Markup 
Language  to  meet  that  need. 
SPML  1.0  is  built  on  OASIS’s 
Directory  Services  Markup 
Language  V.2,  which  is  an 
XML  representation  of  the 
Lightweight  Directory  Access 


Protocol.  If  it’s  ratified  as  ex¬ 
pected  next  month,  SPML  will 
join  a  family  of  standards  de¬ 
signed  to  ease  the  implementa¬ 
tion  of  Web  services,  including 
XACML,  SAML,  UDDI,  WSDL 
and  SOAP  (see  sidebar). 

The  goal  of  ratifying  the 
specification  is  to 
establish  interoper¬ 
ability  among  provi¬ 
sioning  systems  that 
will  allow  organiza¬ 
tions  to  securely  cre¬ 
ate  end-user  accounts 
for  Web  services  and  applica¬ 
tions  from  a  single  point  in  an 
organization. 

In  July,  at  Burton  Group’s 
Catalyst  Conference  in  San 
Francisco,  10  vendors  that  had 
been  working  to  create  SPML 
under  the  aegis  of  OASIS 
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demonstrated  that  they  could 
use  one  SPML  request  mes¬ 
sage  to  simultaneously  create 
user  accounts  in  all  of  their 
provisioning  systems. 

In  San  Francisco,  all  the 
vendors  were  set  up  in  one 
hotel  meeting  room,  but  the 
idea  is  that  SPML-enabled 
provisioning  systems  will 
work  across  geographic  and 
corporate  boundaries. 

In  a  typical  scenario,  when  a 
company  hires  a  new  employ¬ 
ee,  the  HR  system  generates  an 
SPML  request  to  the  compa¬ 
ny’s  provisioning  system  that 
creates  all  the  access  accounts 
the  employee  needs  within  the 
company.  The  provisioning 
system  then  automatically  gen¬ 
erates  another  SPML  request 
to  the  provisioning  systems  of 
customer  companies  that  give 
the  employee  access  to  the  ap¬ 
plications  and  data  he  needs  to 
do  his  job. 

Deprovisioning  can  be  ac¬ 
complished  by  HR  by  generat¬ 
ing  an  SPML  message  request 
closing  the  employee’s  access 
accounts  upon  his  leaving  the 
company.  The  automated 
chain  of  SPML  messages  will 
then  wipe  out  the  employee’s 
access  to  customer  systems  as 
well,  eliminating  the  scourge 
of  orphaned  accounts.  Used 
with  SAML,  the  XML-based 
protocol  for  exchanging  user 
authentication  and  authoriza¬ 
tion  information,  SPML  may 
eventually  be  at  the  heart  of  a 
true  single-sign-on  system. 

Although  OASIS  is  just  fi¬ 
nalizing  its  approval  of  SPML, 
the  standard  has  already 
drawn  fire  from  critics  who 
say  that  it  doesn’t  do  enough. 
For  example,  it  doesn’t  enable 
functions  such  as  moving  or 
suspending  accounts. 

Chief  among  the  naysayers 
have  been  IBM  and  Microsoft 
Corp.,  which  have  contended 
that  SPML  isn’t  powerful  or 
flexible  enough  to  work  in 
conjunction  with  the  group 
of  standards  the  big  vendors 
are  developing,  called  WS  -*, 
which  includes  WS-Security 
and  WS-Federation. 

SPML  1.0  is  likely  to  emerge 
as  a  provisional  standard  as 
OASIS,  IBM  and  Microsoft 
work  toward  compromise. 

O  41908 


WohwmA 
Standards  Stack 

Here’s  how  SPML  fits 
into  the  family  of  relat¬ 
ed  protocols  ti  t  have 
been  developed  to  facili¬ 
tate  ie  use  of  Web 
services. 

XACML  (Extensible  Access 
Control  Markup  Language) 

Provides  fine-grained  ac¬ 
cess  control  to  disparate 
devices  and  a|  tlications. 


SAML.  (Security 
Assertions  Markup 

Enables  the 
exchange  of  authentica¬ 
tion  and  authorization 
infi  among 

busine  larti  rs. 

Ei  <ML- 
based  provisioning. 

UDDI  (Universal  Descrip¬ 
tion,  Discovery  and  Into- 

An  XML-based, 
platform-independent, 
Internet-acc  ssible  reg¬ 
istry  in  which  businesses, 
software  vendors  and 
programmers  can  desc  be 
the  Web  services  they 
offer  and  provide  links 
on  how  to  use  them. 


WAQ'L  (Web  Services 
Description  La n g u a g e ) 

An  XML  rmat  for  de¬ 
scribing  network  services 
as  a  set  of  endpoints  op¬ 
erating  on  messages  con¬ 
taining  either  document¬ 
or  procedure-orient  d 
information. 


ia  Object 

Defines 

a  framework  for  passing 
messages  between  sys¬ 
tems  over  the  Internet. 
It's  typically  used  for 
executing  remote 
procedure  calls. 


Are  there  technologies  or  issues  you'd  like 
to  learn  about  in  QuickStudy?  Send  your 
ideas  to  quickstudy@computerworld.com 

To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 

0  computerwoiid.com/quickstudies 
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CLARiiON9  networked  storage  packages 
C make  buying  networked  storage  easy. 
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EMC  has  everything  you  need  to  create  a  network-ready,  direct-attached,  or  SAN  environment  at  a 
surprisingly  affordable  price.  CLARiiON  networked  storage  packages  are  complete  hardware,  software, 
and  service  bundles  that  feature  EMC’s  award-winning  technology  and  SAN  switches  from  Brocade? 
Now  at  prices  that  can  help  you  safeguard  your  budget  as  well  as  your  information. 

Just  visit  www.EMC.com/CXaoo  or  call  1-866-EMC-1500  to  get  started. 


EMC2 

Find  an  authorized  EMC  Velocity2  Partner 
mSsraS  at  www.EMC.com/velocity. 


Get  on  the  best  growth 
path  in  storage. 


EMC?  EMC,  where  information  lives.  Navisphere,  and  CLARiiON  are  registered  trademarks  and  Connectrix  and  Access  Logix  are  trademarks  of  EMC  Corporation. 
Brocade  Is  a  registered  trademark  of  Brocade  Communications  Systems.  Inc.  ©2003  EMC  Corporation.  All  rights  reserved. 
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Child  Porn  Gets  by 
Filters;  Feds  Follow 


An  employee  sharing  child  pornography 
online  eludes  detection  -  until  investigators 
arrive.  By  Mathias  Thurman 


e’ve  had  some  ex¬ 
citement  around  my 
department  over 
the  past  few  weeks 
involving  law  enforcement.  If 
you  work  for  an  Internet  ser¬ 
vice  provider,  you  are  proba¬ 
bly  familiar  with  what  is  called 
a  Section  2703(f)  court  order. 

Title  18  U.S.C.  2703(f)  of  the 
Electronic  Communications 
Privacy  Act  of  1986  contains  a 
provision  requiring 
Internet  service  pro¬ 
viders  to  take  the 
necessary  steps  to 
preserve  electronic 
records  and  other  evi¬ 
dence  pending  the  is¬ 
suance  of  a  court  or¬ 
der  or  other  legal  process. 

The  order  is  simply  a  letter 
from  a  law  enforcement 
agency  requiring  a  service 
provider  to  preserve  logs  in 
preparation  for  a  subpoena  or 
search  warrant.  Receiving  such 
letters  is  a  common  occurrence 
at  Internet  service  providers  — 
but  not  at  my  company. 

Suspicions  Aired 

A  few  weeks  ago,  I  was  called 
to  our  general  counsel’s  office, 
which  had  received  such  an  or¬ 
der.  The  letter,  typed  on  fancy 
letterhead  with  a  three-letter 
agency  logo  on  top,  instructed 
us  to  preserve  any  logs  in  rela¬ 
tion  to  the  network  activity  of 
one  of  our  employees. 

At  the  initial  meeting,  my 
team  and  I  met  with  the  inves¬ 
tigator.  He  was  fairly  savvy 
about  technology,  which  came 
as  a  surprise. 

He  said  our  employee  was 
using  his  home  computer  to 
access  child  pornography  on 
the  Internet.  But  the  investiga¬ 
tor  also  suspected  that  the  em¬ 
ployee  was  sending  porno¬ 


graphic  pictures,  videos  and 
Web  site  address  information 
to  his  e-mail  account  at  work. 
And  the  agency  had  reason  to 
believe  that  our  employee  was 
using  his  company-issued 
workstation  to  access  these 
illegal  sites. 

I  was  pretty  sure  that  the 
employee  couldn’t  use  his 
desktop  workstation  to  access 
pornography  Web  sites,  since 
we  use  content-fil¬ 
tering  software  that 
blocks  access  to 
most  of  them.  But 
we  had  to  comply 
with  the  order. 

Normally,  if  law 
enforcement  agents 
want  to  monitor  someone’s 
network  activity,  they  present 
a  Title  III  wiretap  order.  That 
enables  investigators  to  install 
network-monitoring  software 
that  can  be  configured  so  they 
can  monitor  only  a  particular 
person’s  network  traffic. 

At  our  company,  however, 
we  already  collect  network 
traffic  data  through  our  in¬ 
trusion-detection  systems,  so 
a  Title  III  order  wasn’t  need¬ 
ed.  We  typically  keep  three 


The  investigator . . . 
suspected  that  the 
employee  was  send¬ 
ing  pornographic 
pictures  [and] 
videos ...  to  his 
e-mail  account 
at  work. 


months  of  data,  which  in¬ 
cludes  all  network  traffic  go¬ 
ing  in  and  out  of  our  company 
at  specific  gateway  locations. 

We  have  about  20  sensors  to 
gather  that  data,  so  I  suggest¬ 
ed  that  we  filter  the  data  from 
our  network  sensors  and  use 
our  three  months  of  saved 
data  to  assemble  a  profile  of 
the  user’s  network  activity. 

The  investigator  agreed,  but 
he  cautioned  us  to  maintain 
the  same  level  of  monitoring 
and  to  keep  all  archived  data, 
even  if  the  three-month  time 
period  was  due  to  expire.  We 
were  not  to  conduct  any  addi¬ 
tional  network  monitoring  be¬ 
yond  what  we  do  on  a  regular 
basis,  or  he  would  need  to  ob¬ 
tain  a  wiretap  order. 

Getting  the  Data 

We  began  to  set  things  up.  We 
identified  which  network  sen¬ 
sor  was  responsible  for  moni¬ 
toring  the  traffic  associated 
with  the  employee  in  ques¬ 
tion.  We  configured  the  port 
connected  to  that  sensor  so  it 
would  span  the  port  to  which 
the  suspect’s  workstation  was 
attached.  By  doing  this,  we  en¬ 
sured  that  the  only  network 
traffic  we  were  collecting  was 
that  going  to  and  from  the  em¬ 
ployee’s  desktop.  We  didn’t 
want  to  provide  the  law  en¬ 
forcement  officials  with  extra 
data  that  might  contain  intel¬ 
lectual  property  or  potentially 
sensitive  information. 

Next,  we  had  to  figure  out 
how  to  sort  out  the  correct 
archived  traffic  data.  Like 
most  companies,  we  allocate 
IP  addresses  dynamically.  The 
IP  address  leases  are  set  to 
expire  periodically,  so  over  a 
three-month  period,  the  sus¬ 
pect  would  have  logged  in 
under  dozens  of  addresses. 

Our  sensors  had  collected 
several  gigabytes  of  data,  and 
we  wanted  to  provide  only  the 
necessary  data  related  to  the 
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suspect’s  workstation. 

Fortunately,  the  workstation 
had  a  unique  NetBIOS  net¬ 
work  resource  name  based  on 
the  user’s  name.  By  knowing 
the  NetBIOS  name,  we  could 
pull  the  relevant  data  from  the 
logs.  We  ended  up  copying  the 
data  to  a  CD-ROM,  which  we 
gave  to  the  investigator  when 
he  returned  with  a  search  war¬ 
rant.  We  are  still  required  to 
keep  the  original  data. 

After  that,  we  conducted  an 
internal  review  of  the  user’s 
network  traffic.  I  was  dis¬ 
mayed  to  discover  that  he  in¬ 
deed  been  e-mailing  himself 
pictures  and  other  contra¬ 
band.  What’s  more,  he  had 
used  Yahoo  chat  groups  to 
share  his  illegal  materials.  Our 
filtering  software  didn’t  block 
access  to  those  groups,  since 
the  names  of  the  groups  didn’t 
match  any  of  the  filters  we 
had  installed  on  our  URL-fil- 
tering  application.  The  em¬ 
ployee  had  also  used  his  desk¬ 
top  to  e-mail  pictures  and 
video  clips  to  others  by  way  of 
a  Yahoo  e-mail  account. 

We  confiscated  his  desktop 
computer  and  gave  the  hard 
drive  to  the  investigator.  Our 
human  resources  department 
is  in  the  process  of  terminat¬ 
ing  this  individual’s  employ¬ 
ment,  and  I’m  sure  that  there 
will  be  an  arrest  at  some  point. 

Now  that  this  episode  is  be¬ 
hind  us,  we  plan  to  review  the 
configuration  of  our  filtering 
software  and  our  intrusion- 
detection  system  to  see  what 
changes  we  can  make  to  pre¬ 
vent  this  type  of  activity  from 
recurring.  In  this  case,  the 
user  was  accessing  inconspic¬ 
uous  chat  areas.  Since  we 
aren’t  blocking  access  to  Ya¬ 
hoo  chat  rooms,  the  challenge 
will  be  to  come  up  with  a  way 
to  minimize  false  positives 
and  performance  issues  while 
still  preventing  unauthorized 
use  of  our  resources.  I 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum.  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

©  computerworld.com/secjournal 
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Security  Bookshelf 

Kerberos:  The  Definitive 
Guide,  by  Jason  Garman; 
O’Reilly  &  Associates,  2003 

Kerberos  is  one  of 
those  subjects 
that  I  always  run 
across  on  certifi¬ 
cation  tests,  and 
it’s  mentioned 
lightly  in  authenti¬ 
cation  or  single¬ 
sign-on  discus¬ 
sions.  Although 
Kerberos  has  been 
adopted  into  a  majority  of  op¬ 
erating  systems,  including  Mi¬ 
crosoft’s  Windows  and  Active 
Directory,  I  have  only  a  limited 
understanding  of  it,  and  I 
haven’t  found  much  documen¬ 
tation  on  it 

This  book  is  a  big  help.  K 
discusses  Kerberos'  origins, 
security  and  a  few  advanced 
topics  such  as  cross-realm  au¬ 
thentication.  I  especially  ap¬ 
preciated  the  detailed  imple¬ 
mentation  chapter,  which  ex¬ 
plains  how  to  install  Kerberos 
within  the  Unix  environment.  If 
you’re  looking  to  expand  your 
knowledge  or  simply  need  a 
good  authentication/access- 
control  reference  book, 
O’Reilly  has  done  it  again. 

-Mathias  Thurman 

New  BEA  Security 
Architecture 

Middleware  maker  BEA  Sys¬ 
tems  Inc.  in  San  Jose  has  an¬ 
nounced  a  distributed  security 
architecture,  WebLogic  Enter¬ 
prise  Security.  WLES  is  de¬ 
signed  to  simplify  application 
security  for  companies  with 
heterogeneous  application 
environments.  Rather  than 
managing  redundant  security 
features  within  each  applica¬ 
tion,  BEA  customers  will  be 
able  to  use  WLES  for  central¬ 
ized  security  policy  manage¬ 
ment  through  a  Web-based 
administrative  console.  WLES 
takes  advantage  of  technology 
from  CrossLogix  Inc.,  a  Red¬ 
wood  Shores,  Calif. -based 
developer  of  end-user  access 
authorization  software  that 
BEA  bought  last  February. 


See  software  integrated. 
See  business  automated 
See  ROI  escalated. 
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Intelliden  Bundles 
Vertical  Networking 

Intelliden  Corp.  announced  the 
availability  of  networking  bundles 
tailored  for  specific  industries. 
Users  can  customize  Intelliden’s 
R-Series  T  software  for  the  finan¬ 
cial  services,  health  care,  retail, 
automotive,  insurance,  govern¬ 
ment  and  service  provider  verti¬ 
cal  markets,  according  to  the  Col¬ 
orado  Springs-based  company. 
Pricing  starts  at  $25,000. 


Sigaba  Releases 
Secure  IM  Upgrade 

Secure  Data  in  Motion  Inc.,  which 
is  known  as  Sigaba,  last  week  an¬ 
nounced  Secure  Instant  Messag¬ 
ing  Version  1.2.  The  upgrade  in¬ 
cludes  the  addition  of  a  digital  sig¬ 
nature  service  and  an  embeddable 
secure  instant  messaging  (IM)  ap¬ 
plet,  according  to  the  San  Mateo, 
Calif.-based  company.  Pricing 
starts  at  $40,000  and  includes 
Secure  IM  clients,  the  Sigaba  key 
and  authentication  services. 


EIQnetworks  Offers 
Enterprise  Firewall 

EIQnetworks  Inc.  last  week  an¬ 
nounced  FirewallAnalyzer  Enter¬ 
prise  3.0.  The  new  version  offers 
improved  event-correlation  analy¬ 
sis,  alerting  and  reporting  across 
distributed  firewalls,  as  well  as 
advanced  user-rights  manage¬ 
ment  capabilities,  according  to 
Wayland,  Mass.-based  elQnet- 
works.  A  FirewallAnalyzer  Enter¬ 
prise  license  costs  $795  per 
physical  firewall. 


NaviSite  to  Host 
Exchange  Services 

Navi$ite  Inc.  is  offering  a  new 
managed  Microsoft  Exchange 
2003  e-mail  and  collaboration 
hosting  service  aimed  at  midsize 
businesses.  Pricing  starts  at  $12 
to  $15  per  user  per  month  for  100 
users,  with  antispam  protection 
available  for  another  $1  per  user 
per  month,  said  the  Andover, 
Mass.-based  vendor. 
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Six  Things  I 
Hate  About  IT 


DON’T  GET  ME  WRONG.  At  heart,  I’m  a 

technology  enthusiast.  But  there  are  a  few 
things  about  the  IT  industry  that  just 
make  me  crazy.  I’m  not  talking  about  fail¬ 
ures  of  technology  itself  but  rather  fail¬ 
ures  in  how  people  promote  and  use  it.  From  gimmick¬ 
ry  to  punditry,  here’s  what  I  truly  hate  about  IT: 


1.  Vendors  that  think  they  sell 
“solutions.”  Solutions  used 
to  come  from  chemistry  ex¬ 
periments  or  math  equa¬ 
tions.  But  IT  vendors  keep 
ascribing  the  term  to  their 
products:  Just  open  the  box 
and  voila  —  your  problem 
goes  away.  Will  someone 
please  slap  these  marketing 
airheads?  Not  only  do  IT 
professionals  recognize  that 
this  is  total  baloney,  but  this 
pretentious  pitch  is  insult¬ 
ing  to  anyone  who  has  spent  a  year  or 
more  trying  to  complete  any  major  IT 
project.  Vendors  don’t  sell  solutions. 
They  sell  their  products  —  oversell 

them.  IT  professionals  then  struggle  to 
make  them  work  as  advertised  and 

then,  if  they’re  lucky,  use  those  tools  to 
solve  specific  problems. 

2.  Companies  that  misuse  IT  to  erect 
barriers  between  customer  service  staffers 
and  clients.  Why  use  IT  to  build  loyalty 
with  customers  when  you  can  really 
tick  them  off  by  making  it  nearly  im¬ 
possible  to  reach  a  live  human  being? 
The  worst  offenders  are  consumer 
technology  product  vendors  that  are 
enamored  with  automated  attendants, 
FAQs,  e-mail  response  mechanisms 
and  creating  mazes  of  circuitous  Web 
pages  of  “answers”  that  users  must 
wade  through.  How  about  just  giving 
customers  a  phone  number? 

Case  in  point:  A  week  after  buying 
an  upgrade  to  my  personal  finance 
software,  the  vendor  rolled  out  a  new 
version.  Was  a  free  media  or  online 


update  available?  I  spent  20 
minutes  wading  through 
the  Web  site,  sent  an  e-mail 
inquiry  that  came  back  with 
an  inappropriate  response 
and  spent  20  minutes  on 
the  phone  with  a  customer 
service  person  who  finally 
admitted  that,  yes,  I  could 
receive  the  new  version  for 
a  $10  media  fee. 

Then,  to  my  astonish¬ 
ment,  he  asked  for  my  ad¬ 
dress  and  product  registra¬ 
tion  information.  I  have  been  a  regis¬ 
tered  user  since  1993.  “Why  don’t  you 
just  look  it  up?”  I  asked.  “I  don’t  have 
access  to  that  system,”  he  replied. 

3.  “Real-time  computing.”  This  is  just 
the  latest  in  a  long  string  of  overinflat- 
ed  buzzwords.  What’s  real  about  real¬ 
time  computing?  I’ll  tell  you:  It’s  a 
great  rallying  cry  for  vendors.  A  won¬ 
derfully  amorphous  and  high-minded 
concept  for  analysts.  A  great  expense- 
report  justification  for  travel  to  a  re¬ 
sort  that  hosts  the  conference.  Every¬ 
body  wins. 

4.  Software  vendors  that  assume  no  lia¬ 
bility  for  their  products.  Software  will  al¬ 
ways  have  bugs,  therefore  we  can’t 
hold  vendors  liable  for  the  problems 
they  create,  right?  This  ridiculous,  de¬ 
featist  argument  may  seem  reasonable 
at  first  glance.  But  when  vendors 
aren’t  held  liable,  they  view  bugs  and 
vulnerabilities  as  a  public  relations 
problem,  not  a  fiscal  one.  Should  soft¬ 
ware  vendors  really  be  held  to  a  lower 
standard  of  accountability  than  ven¬ 


dors  in  other  industries?  Litigation 
works  because  it  shifts  the  increasing¬ 
ly  burdensome  cost  of  bugs  and  secu¬ 
rity  vulnerabilities  from  the  customer 
to  the  vendor.  Assuming  liability 
means  assuming  responsibility.  It’s 
time  this  industry  grew  up. 

5.  Vendors  that  would  rather  sue  than  in¬ 
novate.  Don’t  even  get  me  started 
about  the  ongoing  SCO  lawsuit.  And 
more  recently,  SunnComm  Technolo¬ 
gies  threatened  a  Princeton  graduate 
student  with  legal  action  for  pointing 
out  that  its  copy-protection  software 
can  be  defeated  by  simply  holding 
down  the  Shift  key  after  inserting  a 
protected  music  CD.  In  so  doing, 
maybe  SunnComm  thinks  it  will  get 
back  some  shareholder  value  and  save 
face.  Then  again,  maybe  it  should  just 
get  to  work  on  a  better  product. 

6.  Those  “priceless”  product  opinions. 
After  I  received  a  preliminary  copy  of 
a  vendor’s  new-product  press  release, 
the  PR  person  called  to  say  that  I 
shouldn’t  excerpt  the  favorable  quota¬ 
tions  attributed  to  an  industry  analyst. 
Computerworld  wouldn’t  use  such 
quotations  anyway,  but  I  was  curious. 

“Why  not  use  them?”  I  asked. 

“We  haven’t  run  them  by  him  for  ap¬ 
proval  yet,”  she  explained. 

Do  analyst  firms  commonly  sign  off 
on  vendor-provided  “commentary”  for 
their  vendor  customers?  I  put  this 
question  to  a  veteran  freelance  writer 
I  know  who  routinely  works  with  ven¬ 
dors.  “Of  course  they  do,”  he  said  as  if 
it  was  a  silly  question.  “We’re  all 
whores  in  this  business.”  He  added 
that  he  has  written  faux  analyst  quotes 
for  clients  himself.  “But  the  better  ana¬ 
lysts  do  rewrite  them,”  he  noted. 

That’s  my  list.  What’s  on  yours?  Let 
me  know  what  really  bugs  you  about 
IT.  ©  42097 
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our  2,000  enterprise-class  customers  buy 
our  technology,  not  our  marketing. 


See  what  a  real  business  intelligence  platform  can  do  for  you. 

Order  a  FREE  copy  of  “Applications  of  Industrial-Strength  Business  Intelligence”  today. 
Visit  www.microstrategy.com  or  call  1-866-866-MSTR. 
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There's  wireless.  And  there's  wireless  that  works 


Until  you  have  a  total  wireless  solution,  you're  not  completely  wireless.  With  HP,  now  you  can  finally  have  the  right  technology  and  the  expert  backend  support 
for  your  wireless  network.  So  your  people  can  work  for  your  office  without  being  in  the  office.  Start  your  upgrade  with  the  HP  Compaq  Business  Notebook  nc4000  ultraportable,  which 
comes  with  a  wide  choice  of  integrated  wireless  communication  options.  Another  piece  of  your  total  wireless  network  is  the  HP  iPAQ  Pocket  PC  h5450  with  Microsoft®  Windows®  Pocket  PC 
2002.  Another  wireless  device  to  consider  is  the  HP  Compaq  Tablet  PC  TCI  000.  It  works  both  as  a  notebook  and  a  desktop  and  features  handwriting  recognition.  The  sooner  you  equip  your 
organization's  staff  with  these  wireless  devices,  the  sooner  they  can  belter  serve  their  customers.  By  taking  your  company  completely  wireless  with  HP  now,  connectivity  can  be  your  reality. 


HP  COMPAQ  BUSINESS 
NOTEBOOK  nc4000 
ULTRAPORTABLE 

Full  of  capabilities,  light  on  weight 

$1,699 

Weighs  3.5  lbs,  measures  1.1"  thin 
Optional  integrated  802.1  lb/g  or 
802.1  la/b/g  mini  PCI  combo  card  to  meet 
current  and  future  wireless  LAN  needs 

Optional  integrated  Bluetooth™  allows  users 
to  set  up  their  own  personal  area  network 

6  cell  lithium  battery  offers  7  hours  battery 
life  with  optional  travel  battery 

12.1"  TFT  display,  full-size  keyboard,  dual 
pointing  device 

Microsoft®  Windows®  XP  Professional 


HP  COMPAQ 
TABLET  PC  TCI 000 

Easily  used  as  a  tablet,  notebook, 
or  desktop 

$1,699 

Easy  to  carry  at  only  3  lbs. 

Small  as  a  notepad,  8.3"  x  10.8" 

Battery  lasts  up  to  4.5  hours 

Mobile  keyboard  hides  discreetly  for  writing 
or  quickly  swings  into  place  for  typing 

Integrated  10/100  Ethernet  LAN  and  56K 
Modem 

Optional  integrated  802.11b  wireless  LAN 

Microsoft®  Windows®  XP  Tablet 
PC  Edition 


HP  iPAQ  h5450 

Wireless  capability*  with  integrated 
802.11b  Wireless  LAN,  Bluetooth™ 

$699 

Enhanced  security  with  biometric 
fingerprint  technology 

Removable  and  rechargeable  battery 
maximizes  uptime 

Universal  cradle  for  USB  or  serial  interface 
Microsoft® Windows® Pocket  PC  2002 


■  n  ,  Microsoft? 
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HP  Care  Pack  services  let  you  choose  the  support 
levels  that  meet  your  business  requirements. 

HP  recommends  Microsoft®  Windows®  XP  Professional  for  Mobile  Computing. 
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To  take  advantage  of  special  offers,  call  us  toll  free  at  1-800-888-5907  or  visit  www.hp.com/go/mc  oilit)  1, 


Prices  shown  are  HP  direct  prices;  reseller  and  retailer  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Photography  may  not  accurately 
represent  exact  configurations  priced.  *A  standard  WLAN  infrastructure,  other  Bluetooth-enabled  devices,  and  a  service  contract  with  a  wireless  airtime  provider  may  be  required  tor  applicable  wireless  communication.  Wireless  Internet 
use  requires  a  separately  purchased  service  contract.  Check  with  service  provider  for  availability  and  coverage  in  your  area.  Not  all  Web  content  available.  During  the  HP-Compaq  product  transitions,  some  HP  iPAQ  products  and 
packaging  may  be  labeled  with  the  Compaq  brand.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  ©2003  Hewlett-Packard  Development  Company,  L.P. 
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OPINION 

The  Marriage  of  ROI  and  SLA 

Columnist  Tom  Pisello  (left)  says  that 
if  an  IT  project  falls  short  of  its  agreed- 
upon  ROI  target,  the  vendor  should  pay 
a  penalty.  But  if  it  exceeds  the  mark, 
the  vendor  should  get  a  bonus.  Page  52 


Q&A 

More  Bang  for  the  Buck 

Diana  Farrell,  director  of  the 
McKinsey  Global  Institute, 
talks  about  how  companies  can 
gain  more  productivity  from 
their  IT  investments.  Page  51 


Let’s  Make  a  Deal 

Experts  explain  how  to 
get  the  best  deal  for  IT 
when  negotiating  with 
business  units  and 
vendors.  Page  50 


Hot  Spots 

Pay  Dividends 


At  first  glance,  it  might  not  make 

sense  for  profit-making  businesses  to 
give  away,  rather  than  charge  for,  wire¬ 
less  Internet  access.  But  a  growing  num¬ 
ber  of  hotels  and  restaurants  have  found 
that  it  pays  to  offer  free  Wi-Fi  Internet  access.  This 
perk  attracts  customers  and  provides  a  real  bottom- 
line  payback  for  a  relatively  small  capital  investment, 
according  to  free-Wi-Fi  pioneers. 

Cities  and  community  development  orga¬ 
nizations  across  the  country  have  embraced 
free  Wi-Fi  to  boost  economic  development 
and  attract  visitors  to  downtown  areas.  A 
handful  of  small  airports  in  the  shadow  of 
large  hubs  offer  free  Wi-Fi  to  attract  travel¬ 
ers.  And  Verizon  Communications  Inc.  in 
New  York  offers  Wi-Fi  free  of  charge  to  its 
Internet  service  subscribers  to  distinguish 
itself  from  its  cable-modem  rivals. 

Operators  of  free  Wi-Fi  hot  spots  are 
capitalizing  on  the  boom  market  in  Wi-Fi- 
enabled  notebook  and  handheld  computers.  Gemma 
Paulo,  an  analyst  at  In-Stat/MDR  in  Scottsdale,  Ariz., 
estimates  that  shipments  of  notebooks  equipped 
with  industry-standard  802.11b  chips  or  cards  — 
which  offer  a  raw  data  rate  of  llMbit/sec.  at  a  range 
of  100  feet  indoors  and  300  feet  outdoors  —  will  hit 
16  million  this  year. 

Free  Wi-Fi  is  an  alternative  to  paid  services  offered 


by  companies  such  as  Starbucks  Corp.,  which,  in 
partnership  with  T-Mobile  USA,  currently  offers 
Wi-Fi  service  at  rates  ranging  from  $9.99  per  day  to 
$29.99  per  month  in  2,300  of  its  coffee  shops. 

Lovina  McMurchy,  director  of  Starbucks  Inter¬ 
active,  says  the  paid  Wi-Fi  service  helps  attract  cus¬ 
tomers  after  peak  morning  hours.  And  those  who  use 
it  tend  to  be  “high-income  customers”  who  “come 
more  often  and  stay  longer,”  she  says.  She  declined  to 
reveal  the  service’s  impact  on  the  compa¬ 
ny’s  bottom  line. 

John  Wooley,  chairman,  CEO  and  presi¬ 
dent  of  restaurant  chain  Schlotzsky’s  Inc. 
in  Austin,  isn’t  so  shy  in  sharing  details  of 
what  he  calls  the  “strong  ROI”  from  the 
company’s  free  Wi-Fi  service.  Schlotzsky’s 
currently  offers  free  Wi-Fi  in  30  of  its  600 
company-owned  or  franchised  Schlotz¬ 
sky’s  Delis.  Wooley  says  he  figures  that  the 
free  Wi-Fi  results  in  an  additional  15,000 
visits  per  restaurant  per  year  by  customers 
who  spend  an  average  of  $7  per  visit. 

That  means  Wi-Fi  service  brings  in  more  than 
$100,000  per  year  per  outlet  in  return  for  an  invest¬ 
ment  of  about  $8,000  per  restaurant  for  wireless  in¬ 
frastructure,  Wooley  says.  The  largest  continuing 
cost  is  backhaul  to  the  Internet  over  1.54Mbit/sec.  T1 
circuits,  Wooley  says.  Since  the  cost  of  a  T1  circuit 
varies  from  $300  to  $700,  depending  on  what  part  of 


PREDICTION 


of  notebook 
computers 
shipped  in 
0  15  will  have 
embedded  Wi-Fi. 

SOURCE' :  OEMMA 
PAULO.  AN  ANALYST 
AT  IN  SI  AT/MDR  IN 
SCOTTSDALE,  ARIZ. 


Some  hotels,  restaurants  and  airports  are  offering 
wireless  Internet  access  -  at  no  charge  -  in  the  battle 
to  lure  customers  and  deliver  ROI.  By  Bob  Brewin 


CQMPUTERWORLD  October  20, 2003 


MANAGEMENT 


www.computerworld.com 


the  country  you’re  in,  he  says  Schlotzsky’s  would  av¬ 
erage  those  costs  to  induce  existing  franchisees  to  of¬ 
fer  the  service.  (New  franchisees  will  be  required  to 
offer  free  Wi-Fi,  Wooley  notes.) 

Guerrilla  Marketing 

Wooley  also  uses  the  free  Wi-Fi  service  as  a  high- 
tech  marketing  tool.  When  wireless  users  first  con¬ 
nect  to  the  Schlotzsky’s  Wi-Fi  network,  they’re 
shunted  to  an  in-house  “splash”  Web  page  that  the 
chain  uses  to  promote  itself  and  its  bill  of  fare. 

Schlotzsky’s  has  even  bought  high-gain  Wi-Fi  an¬ 
tennas  that  transmit  the  splash  page  as  far  outside  its 
restaurants  as  possible,  Wooley  says.  One  Austin  out¬ 
let  beams  its  signal  into  dorm  rooms  at  the  Universi¬ 
ty  of  Texas,  and  another  beams  it  into  a  competing 
Starbucks.  This  high-tech  guerrilla  marketing  cam¬ 
paign  to  grab  the  eyeballs  of  potential  customers  is 
less  expensive  and  potentially  more  targeted  than 
buying  a  30-second  TV  commercial,  Wooley  says. 

Panera  Bread  Co.,  based  in  Richmond  Heights, 

Mo.,  has  also  embraced  free  Wi-Fi  as  a  marketing 
tool  and  plans  to  offer  the  service  in  130  of  its  600 
bakery  cafes  by  year’s  end,  eventually  extending  the 
service  chainwide.  Ron  Shaich,  the  company’s  chair¬ 
man  and  CEO,  says  he  views  free  Wi-Fi  as  an  ameni¬ 
ty  that  has  already  started  to  attract  and  retain  cus¬ 
tomers  at  what  he  calls  a  “minimal  cost.” 

In  fact,  Shaich  considers  free  Wi-Fi  to  be  such  an 


essential  marketing  tool  that  he  dismisses  any  dis¬ 
cussion  of  ROI.  “What  is  the  ROI  on  a  bathroom?” 
asked  Shaich,  pointing  out  that  the  day  of  pay  rest¬ 
rooms  in  restaurants  has  long  since  passed. 

Keith  Pierce,  president  and  CEO  of  Parsippany, 
N.J.-based  Wingate  Inns  International  Inc.  says  he 
has  enlisted  free  Wi-Fi  as  his  newest  weapon  in  a 
technology  arms  race  to  attract  budget-minded  busi¬ 
ness  travelers.  Pierce  says  Wingate,  a  division  of  trav¬ 
el  conglomerate  Cendant  Corp.,  started  offering  free 
wired  Internet  access  four  years  ago  as  part  of  an  all- 
inclusive  room  rate  that  also  included  free  local 
phone  calls  and  free  use  of  on-premises  business 
centers. 

Now  that  competitors  have  started  to  offer  free 
wired  Internet  service,  Pierce  has  raised  the  ante  by 
rolling  out  free  Wi-Fi  throughout  the  chain,  with  all 
100-plus  properties  expected  to  offer 
the  service  by  the  start  of  next  year. 

Pierce  says  he  didn’t  even  consider 
paid  Wi-Fi  service,  saying  his  research 
shows  that  going  the  paid  route  isn’t 
worth  the  effort.  Under  the  paid  model, 

Pierce  calculated  that  a  typical  property 
would  have  roughly  two  paid  Wi-Fi 
users  a  day.  After  splitting  the  revenue 
with  a  Wi-Fi  operator,  Pierce  says  this 
would  return  only  about  $7.50  a  day  to 
the  franchisee. 

Wingate  has  outsourced  deployment 
and  operation  of  its  free  Wi-Fi  service 
to  LodgeNet  Entertainment  Corp.  in 
Sioux  Falls,  S.D.,  the  company  that  also 
provides  Wingate  with  in-room  pay 
movies  and  video  games. 

Easier  and  Cheaper  Than  Ethernet 

Apple  Core  Hotels  Inc.,  a  New  York-based  operator 
of  six  budget  hotels  in  mid-Manhattan  that  cater  to 
business  travelers,  knew  it  needed  to  offer  free  Inter¬ 
net  access  for  competitive  reasons,  says  Vijay  Danda- 
pani,  the  company’s  chief  operating  officer.  Danda- 
pani  says  Apple  Core  chose  Wi-Fi  instead  of  Ether¬ 
net  because  it  was  far  easier  and  cheaper  to  install  in 
the  company’s  hotels,  which  are  rehabilitated  build¬ 
ings  that  are  all  at  least  100  years  old. 

Installing  Ethernet  connections  would  have  re¬ 
quired  drilling  into  walls  and  “making  a  mess”  of 
wallpaper  and  carpet,  Dandapani  says.  Installation  of 


the  Wi-Fi  service  went  quickly,  he  adds,  taking  about 
six  weeks  per  property. 

Installation  was  a  learning  process,  Dandapani 
says.  Buildings  with  high  ceilings,  which  allow  for 
better  propagation  of  the  Wi-Fi  signal,  required  only 
two  access  points  per  floor.  Buildings  with  lower 
ceilings  —  and  worse  signal  propagation  —  required 
four  access  points  per  floor. 

Beachfront  Hawaii  might  be  the  last  place  you’d 
expect  to  find  a  Wi-Fi  hot  spot,  but  Waimea  Planta¬ 
tion  Cottages  on  the  island  of  Kauai  operates  what’s 
probably  the  westernmost  Wi-Fi  service  in  the  U.S., 
free  or  paid.  It’s  five  miles  from  the  end  of  a  dead¬ 
end  road  on  Kauai’s  western  shore. 

Liz  Hahn,  a  spokeswoman  for  Kikiaoloa  Land  Co. 
in  Waimea,  Hawaii,  which  operates  the  cottages,  says 
the  company  decided  to  offer  free  Wi-Fi  as  a  perk  to 
guests  to  enhance  their  vacation  expe¬ 
rience.  “People  can  get  up  in  the  morn¬ 
ing,  check  their  e-mail  and  then  spend 
the  rest  of  day  relaxing,”  Hahn  says. 

Customer  service  and  satisfaction  at 
a  relatively  low  capital  cost  means  that 
free  Wi-Fi  will  continue  to  proliferate 
at  the  expense  of  the  paid  model,  ac¬ 
cording  to  Schlotzsky’s  Wooley.  “I  think 
pay  Wi-Fi  is  going  to  go  away,”  he  says. 
Panera’s  Shaich  agrees,  saying  hotel 
and  restaurant  customers  will  eventual¬ 
ly  come  to  expect  free  Wi-Fi  access. 

Dan  Lowden,  the  vice  president  of 
marketing  at  Wayport  Inc.,  a  Wi-Fi  net¬ 
work  company  that  offers  paid  service 
at  545  hotels  and  12  airports,  at  rates 
that  range  from  $6.95  for  a  single  connection  to 
$29.95  a  month,  contends  that  the  paid  and  free 
models  will  coexist. 

Paid  networks  offer  higher-quality  service  with 
better  hardware  and  carrier-grade  networks,  Lowden 
says.  He  adds  that  Wayport  offers  its  paid  service  in 
locations  untouched  by  free  Wi-Fi  providers,  such  as 
major  airports.  Maybe  not  for  long,  though.  Wooley 
says  he  has  his  eye  on  offering  free  Wi-Fi  in  airports. 

Craig  Mathias,  an  analyst  at  Farpoint  Group  in 
Ashland,  Mass.,  predicts  that  free  and  paid  Wi-Fi  will 
coexist  for  the  next  five  to  10  years.  But  he  says  the 
paid  model  will  eventually  prevail,  as  cellular  carri¬ 
ers  add  Wi-Fi  service  to  their  portfolios  and  domi¬ 
nate  the  market.  ©  41902 


COMMUNITY  WI-FI 

Cities  and  community  organiza¬ 
tions  are  launching  free  Wi-Fi 
hot  zones  -  ranging  in  size  from 
four  blocks  to  10  miles  -  as 
economic  development  tools: 
QuickLink  41975 

Verizon  is  using  aging  pay 
phones  for  quick  deployment 
of  a  Wi-Fi  network  in  New  York: 

QuickLink  41901 

A  guide  to  online  sources  of 
information  about  Wi-Fi  hot  spots: 

©QuickLink  41976 
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Free  Airport  Wi-Fi  Takes  Off 


At  least  three  U.S.  airports  -  led  by  pioneering  Blue  Grass  Air¬ 
port  in  Lexington.  Ky.  -  now  otter  free  Wi-Fi  service  as  a  way  to 
satisfy  customers  and  compete  with  larger  hub  airports  nearby 
that  otter  pay  service. 

Blue  Brass  kicked  oft  its  free  Wi-Fi  service  in  the  tall  of  2001 
in  response  to  demand  by  business  travelers  who  said  they 
"/anted  Internet  access.  Marketing  director  Tom  Tyra  says  the 
airport,  which  is  served  by  six  airlines,  knows  it’s  in  a  niche  mar¬ 
ket  and  has  to  work  a  bit  harder  to  compete  with  Cincinnati/ 
Northern  Kentucky  International  Airport,  a  giant  Delta  Air  Lines 
hub  that’s  just  75  miles  away. 

David  Heinmtller,  computer  systems  administrator  at  Blue 
(Trass,  says  the  airport's  Wi-Fi  network  consists  of  seven  Cisco 


Systems  Inc.  Aironet  350  access  points  connected  to  a  T1  back¬ 
bone  with  omnidirectional  antennas. 

To  support  travelers  whose  notebook  computers  lack  Wi-Fi 
cards,  Blue  Brass  also  installed  Ethernet  jacks  throughout  the 
airport.  But  Heinmiller  says  these  are  Ethernet  jacks  with  a  twist: 
Instead  of  connecting  to  a  cable,  they  serve  as  the  front  end  to  a 
wireless  client  device. 

Long  Beach  Airport  in  California  turned  on  its  free  Wi-Fi  ser¬ 
vice  in  June  as  an  extension  of  a  project  to  develop  a  free  Wi-Fi 
hot  zone  in  downtown  Long  Beach.  Whereas  Blue  Brass  offers 
just  a  Wi-Fi  signal,  Long  Beach  decided  to  use  the  airport  net¬ 
work  as  a  marketing  vehicle,  with  users  directed  to  a  Web  portal 
splash  page  once  they  sign  onto  the  network. 


JetBlue  Airways  Corp.  helped  develop  Long  Beach  Airport’s 
free  Wi-Fi  network  and  sponsors  the  Web  portal,  according  to 
Lorenzo  Bigliotti,  head  of  G-site  Web  &  Consulting  in  Long 
Beach,  which  developed  the  portal.  In  return  for  its  sponsorship, 
JetBlue  owns  a  sizable  portion  of  the  real  estate  on  the  Web 
page,  which  features  links  to  local  business,  information,  enter¬ 
tainment  and  tourist  Web  sites,  Bigliotti  says. 

Colorado  Springs  Airport  launched  its  bare-bones  Wi-Fi  ser¬ 
vice  -  just  a  signal,  with  no  Web  portal  -  this  August  to  give  it  an 
edge  in  its  competition  with  Denver  International  Airport,  which  is 
less  than  a  two-hour  drive  north,  according  to  Tack  Rice,  an  infor¬ 
mation  systems  analyst  at  Colorado  Springs  Airport. 

-BobBrewin 


The  productivity  of  IT  staffers  and 
e-mail  users  takes  a  big  hit  from 
the  scourge  of  spam.  By  Ian 
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HOW  DO  YOU  REDUCE  the 
impact  of  spam  on  em¬ 
ployee  productivity  with¬ 
out  overinvesting  in  technology? 

To  answer  that  question,  our 
team  at  Nucleus  Research  Inc. 
conducted  in-depth  interviews 
with  117  employees  at  76  U.S.  com¬ 
panies  to  learn  about  their  experi¬ 
ence  with  spam.  We  also 
conducted  extensive  inter¬ 
views  with  28  IT  adminis¬ 
trators  responsible  for 
managing  e-mail  and  other  corpo¬ 
rate  applications  to  understand 
the  impact  of  spam  on  IT  infra¬ 
structure  and  resources.  Here’s 
what  we  found: 

■  The  average  employee  receives 
13.3  spam  messages  per  day. 

■  Employees  spend  anywhere  from  1 
minute  to  90  minutes  per  day  manag¬ 
ing  spam  -  the  average  time  being  6.5 
minutes  per  day. 

■  The  average  lost  productivity  per 
employee  per  year:  1.4%. 

■  The  average  cost  of  spam  per  em¬ 
ployee  per  year:  $874. 

Some  employees  had  such  se¬ 
vere  spam  problems  that  they  were 
forced  to  invest  in  desktop  filters 
and  then  learn  to  use  them.  But 
even  with  the  filters  adjusted  to 
their  personal  profiles  and  prefer¬ 
ences,  these  individuals  still  spent 
an  average  of  12.5  minutes  per  day 
—  nearly  twice  the  average  — 
screening  and  managing  incoming 
mail,  at  a  cost  of  $1,625  per  year  in 
lost  productivity.  This  figure  is  a 
leading  indicator  of  the  potential 
cost  of  spam  as  volumes  grow.  So 
even  for  highly  trained  users  with 
sophisticated  personalized  filter¬ 
ing  devices,  spam  had  a  dramatic 
negative  effect  on  productivity. 

If  companies  lose  an  average  of 
1.4%  of  each  employee’s  produc¬ 
tivity  each  year  because  of  spam, 
then  for  every  72  employees  a 
company  has,  it  loses  the  equiva¬ 
lent  of  at  least  one  employee’s  ser¬ 
vices  to  spam  for  the  year. 

Organizations  can  somewhat  re¬ 
duce  the  impact  of  spam  on  their 
employees  by  deploying  company¬ 
wide  spam  filters.  Filter  technolo¬ 
gy  isn’t  perfect,  but  we  found  that 
it  reduced  the  average  amount  of 
time  employees  spend  managing 
spam  to  five  minutes  a  day,  cutting 
the  average  annual  cost  per  em¬ 
ployee  26%  to  $650. 

However,  administrators  have 
found  a  number  of  challenges 
with  filters: 

■  Spam  sophistication.  Spammers 
use  punctuation,  spaces  and  other 


methods  to  avoid  the  rules  that  fil¬ 
ters  use  to  block  spam. 

■  Ineffective  technology.  Many  ad¬ 
ministrators  found  that  aggressive 
filters  delayed  or  aborted  delivery 
of  business  messages  or  were  inef¬ 
fective  in  filtering  out  spam  unless 
it  met  specific  guidelines. 

■  Employee  adoption.  While  many 
companies  had  filters  in 
place,  employee  use  of  the 
filters  varied,  and  addi¬ 
tional  employee  education 

efforts  were  needed. 

■  Effective  policies  and  manage¬ 
ment.  Although  many  companies 
had  e-mail  policies,  they  didn’t 
have  a  consistent  corporate  strate¬ 
gy  for  educating  employees  about 
spam,  resulting  in  ad  hoc  employee 
education  instead  of  widespread 
understanding  (see  box). 

So  filtering  technology  isn’t  a 
panacea.  As  spam  volume  and 
spammers’  sophistication  grow, 
the  problem  will  just  get  worse  for 
most  organizations,  even  those 
with  sophisticated  filtering. 

IT's  Problem,  Too 

We  found  that  the  average  amount 
of  time  IT  staffs  spend  managing 
spam-related  problems  each  week 
was  4.5  hours  —  half  a  day!  And 


l  Management  Tips 


■  Educate  users  about  spam  avoid¬ 
ance  (such  as  not  replying  to  spam). 

m  Create  an  internal  Web  page  that 
explains  the  employer’s  efforts  to 
fight  spam,  including  a  frequently 
asked  questions  section.  (This  may  re¬ 
duce  calls  to  the  help  desk.) 

■  Take  “fair  and  reasonable”  ef¬ 
forts  to  control  spam,  as  a  defense 
against  lawsuits  charging  a  hostile  work 
environment. 

■  Update  the  company  e-mail  and 
communications  policy  to  inform 
users  that  the  company  installed  a  spam 
filter  but  can’t  guarantee  that  100%  of 
spam  will  be  filtered.  Ban  employees 
from  initiating  spam  or  forwarding  spam. 

■  Recognize  that  spam  is  becom- 

§  ing  a  security  problem,  with  the  emer- 
£  gence  of  worms  that  use  spammer  tech- 
1  niques  for  propagation,  as  well  as  spam- 
|  mers’  use  of  worm  variants  to  get  their 
I  messages  through. 

o  . 

d  ■  Remember  that  spam  filtering 
|  should  vary  by  industry  or  depart- 
i  ment.  In  the  health  care  industry,  for 
-  example,  legitimate  messages  may 
s  have  the  names  of  certain  drugs  or  body 
I  parts.  And  e-mail  from  complaining  cus- 
°  tomers  may  have  words  that  filters  inter- 
I  pretasspam. 

o 


IT  staffers  aren’t  just  managing 
filters  and  deleting  messages. 
They’re  responding  to  help  desk 
requests,  ensuring  that  employees 
who’ve  received  offensive  e-mails 
feel  they’ve  gotten  an  appropriate 
response  to  their  problem,  and  ed¬ 
ucating  users  about  spam  and  how 
they  can  limit  their  exposure. 

Some  companies  are  spending 
nearly  a  quarter  of  an  IT  employ¬ 
ee’s  time  managing  spam  issues. 
Companies  should  assume  that, 
on  a  per-mailbox  basis,  adminis¬ 
trators  will  spend  an  average  of 
0.7  minutes  per  employee  per 
week  on  spam-related  issues. 

In  theory,  that  means  that  for 
every  690  employees,  one  full¬ 
time  IT  staff  person  will  be  need¬ 
ed  just  to  manage  spam.  (In  reali¬ 
ty,  it  probably  means  that  the  ex¬ 
isting  IT  employees  just  become 
more  overworked  or  have  to  put 
out  spam  fires  instead  of  doing 
more  profitable  activities.) 

Many  companies  worry  that, 
even  with  filters,  unsolicited 
e-mail  sent  to  employees  may  pro¬ 
voke  legal  action.  According  to 
one  IT  administrator,  “One  of  the 
reasons  we  got  into  spam  filtering 
is  the  offensive-content  lawsuits 
that  could  arise.” 

So  what  do  you  do  about  the 
rising  cost  of  spam?  Employee 
training,  filters  and  California’s 
new  antispam  law  are  a  good  start, 
but  they  won’t  solve  the  problem. 
Recent  activity  by  Microsoft  Corp. 
and  others  in  pursuing  legal  ac¬ 
tion  against  spammers  suggests 
another  approach.  In  June,  Micro¬ 
soft  filed  15  lawsuits  against  spam¬ 
mers;  Amazon.com  Inc.  followed 
in  August  with  lawsuits  against  11 
Internet  advertisers,  which  Ama¬ 
zon  accuses  of  spoofing  its  e-mail 
address  to  send  spam. 

Given  the  cost  of  spam,  large 
companies  may  want  to  consider 
similar  legal  action,  which  is  po¬ 
tentially  more  cost-effective  than 
simply  investing  in  a  filter  that 
will  only  reduce,  not  eliminate, 
spam’s  impact.  ©  41896 


Campbell  is  president  and  CEO  of 
Nucleus  Research  Inc.,  an  indepen¬ 
dent  research  firm  in  Wellesley, 
Mass.  Wettemann  is  vice  president 
of  research  at  the  firm. 
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NEGOTIATING  -  WITH  BUSINESS  UNITS  AND  WITH 
VENDORS  -  IS  A  BASIC  PART  OF  IT  LIFE.  HERE’S  HOW 
TO  DO  IT  BETTER.  BY  KATHLEEN  MELYMUKA 


s  manager  of  the  program 
control  office  at  Main 
Street  America  Group,  Paul 
Freitas  oversees  IT  projects 
at  the  insurance  company’s 
Jacksonville,  Fla.,  offices. 

He  makes  plenty  of  deals  with  vendors, 
but  some  of  his  toughest  negotiations 
involve  prying  human  re¬ 
sources  from  hard-pressed 
internal  managers. 

Similarly,  Bridget  Finerty,  head  of 
the  service  assurance  center  at  The 
Mitre  Corp.  in  Bedford,  Mass.,  negoti¬ 
ates  with  department  heads  for  project 
resources  and  with  internal  customers 
on  service-level  agreements.  Intra¬ 
corporate  bargaining  is  so  much  a  part 
of  her  job  at  the  not-for-profit  research 
organization  that  she  thinks  of  negotia¬ 
tion  as  “another  word  for  navigating 
through  conversations.” 

Although  vendor  negotiations  get  a 


lot  of  attention,  most  IT  negotiations 
are  internal.  “In  IT,  you  negotiate  all 
day  long  —  with  co-workers,  team¬ 
mates,  internal  IT  clients  and  business 
clients,  not  to  mention  vendors,”  says 
Lisha  Wentworth,  a  senior  facilitator  at 
Ouellette  &  Associates  in  Bedford, 
N.H.,  which  runs  negotiating  work¬ 
shops  for  IT  professionals. 

Negotiations  in  IT  are  chal¬ 
lenging  because  they  require 
“a  wide  bandwidth  of  personality,” 
says  G.  Richard  Shell,  professor  of 
legal  studies  and  management  at  the 
Wharton  School  at  the  University  of 
Pennsylvania  and  author  of  Bargaining 
for  Advantage  (Penguin,  1999).  “Inside 
negotiations  require  tact  and  diploma¬ 
cy,  and  outside  negotiations  some¬ 
times  require  you  to  be  pretty  tough,” 
he  explains.  Here’s  some  advice  from 
experts  for  getting  to  a  better  deal: 

DO  YOUR  HOMEWORK.  “Preparation  is 


critical,”  says  Robert  Mnookin,  chair¬ 
man  of  the  Program  on  Negotiation 
at  Harvard  Law  School  and  author  of 
Beyond  Winning:  Negotiating  to  Create 
Value  in  Deals  and  Disputes  (Harvard 
University  Press,  2000).  Gather  infor¬ 
mation  about  hidden  pressures  in  the 
other  party’s  department.  Consider 
possible  scenarios  ahead  of  time. 

DON’T  PLAY  TO  WIN.  “One  of  the  biggest 
errors  in  negotiation  is  to  see  it  as  a 
zero-sum  game:  What  you  win,  I  lose; 
what  I  win,  you  lose,”  Mnookin  says. 
“You  can  often  expand  the  pie  for  the 
win-win.”  This  is  especially  important 
in  intracorporate  IT  deals. 

CONSIDER  THE  ALTERNATIVES.  Before  you 
begin,  think  of  the  alternative  if  no 
deal  is  reached.  For  example,  as  the  IT 
leader,  can  you  move  on  to  a  different 
project  if  the  other  party  won’t  commit 
enough  resources?  “The  better  that  al¬ 
ternative,  the  more  power  you’ll  have 
at  the  bargaining  table,”  Mnookin  says. 
During  the  negotiation,  compare  that 
alternative  with  whatever  is  on  the 
table,  Wentworth  adds.  “If  the  negotia¬ 
tion  is  going  badly,  ask  yourself:  Is 
agreeing  to  what  they  want  better  or 
worse  than  the  alternative?”  she  says. 
FIND  THEIR  INTERESTS.  “It’s  critical  to 
ask  questions  so  you  can  better  under¬ 
stand  not  only  their  positions  but  the 
underlying  needs  and  interests,”  says 
Mnookin.  “Interests”  are  the  real  needs 
behind  stated  positions.  A  “position”  is 
that  a  manager  can  spare  only  two  em¬ 
ployees  to  work  on  an  IT  project,  for 
example,  but  his  interests  may  be  in 
staffing  a  higher-priority  project  or 
gearing  up  for  a  sales  campaign.  Posi¬ 
tions  set  up  a  “linear  tug  of  war,”  Went¬ 
worth  says. 

BEWARE  THE  HIDDEN  AGENDA.  If  the  oth¬ 
er  party  gets  evasive  or  his  demands 
just  don’t  add  up,  he  may  have  a  hid¬ 
den  agenda,  Shell  says.  Use  your  net¬ 
work  around  the  company  to  try  to 
find  out  what’s  really  going  on. 
GENERATE  OPTIONS.  Brainstorm  to  gen¬ 
erate  options.  Might  you  move  a  time¬ 
table  up  or  back?  Or  use  a  business  an¬ 
alyst  earlier  in  the  project  to  free  him 
up  later?  “Take  a  piece  of  this  option, 
and  add  this  one,  and  they  become  a 
solution,”  says  Wentworth. 

RECOGNIZE  LEVERAGE.  The  person  with 
the  least  to  lose  if  the  negotiation  fails 
has  the  most  leverage,  Wentworth  says. 
And  leverage  isn’t  static.  “As  soon  as 
the  other  person  says,  ‘I’ve  got  to  have 
that,’  you’ve  got  leverage,”  she  says.  Al¬ 
though  you  may  be  negotiating  with  an 
internal  client  several  layers  above  you 
in  rank,  you  probably  have  more  lever¬ 
age  than  you  think.  “IT  is  particularly 
powerful  because  it  controls  an  asset 


NEGOTIATING  STYLES 

Recognizing  your  own  negotiating  style  and  that  of  the  other  party  can  help  you 
anticipate  his  approach  and  avoid  being  hooked  into  an  emotional  response,  says 
Lisha  Wentworth  of  Ouellette  &  Associates.  Here  are  the  basic  negotiation  styles: 


Competitor 

*  Attacks:  looks  for  control 
GOAL:  To  win 

Problem-Solver 

«  Collaborates;  looks  for 
underlying  problems 
GOAL:  To  reason  together 

Compromiser 

a  Nurtures  the  relationship; 
looks  for  fairness 
GOAL:  To  split  the  difference 


Accommodator 

■  Conciliates;  looks  to  smooth  things  over 
GOAL:  To  solve  other 

people’s  problems 

Avoider 

■  Hides;  looks  for  escape. 

GOAL:  To  avoid  conflict 


HOWTO 


TACTICS 

Whether  you  use  these  common  negoti¬ 
ating  tactics  or  your  colleagues  do,  Ouel¬ 
lette  &  Associates'  Lisha  Wentworth 
suggests  that  you  be  aware  of  them: 

■  The  flinch.  Making  a  dramatic,  nega¬ 
tive,  often  vocal  response,  calculated  to 
shake  up  the  other  side. 

■  The  decoy.  Relenting  on  a  fake  issue 
to  get  a  concession  on  a  real  one. 

■  Nibbling.  Trying  to  get  more  after  the 
deal  is  complete. 

■  The  consistency  trap.  Trying  to  use 
some  comment  to  hem  the  other  side  in, 
as  in,  “You  said  you  wanted  to  save 
money;  this  saves  you  money.” 


■  Good  cop/bad  cop.  Tag-teaming, 
where  one  colleague  nurtures  the  rela¬ 
tionship  and  the  other  plays  hardball. 


that  everyone  needs,”  Shell  observes. 
EMPATHIZE  -  TO  A  POINT.  “Manage  the 
tension  between  empathy  and  as¬ 
sertiveness,”  says  Mnookin.  “Some 
negotiators  are  great  at  assertion  but 
lousy  at  listening.  Others  hear  the  oth¬ 
er  side  and  can’t  hold  on  to  their  own 
interests.  You  need  to  do  both.” 

BE  CONSCIOUS  OF  STYLE  -  YOURS  AND 
THEIRS.  Recognize  your  own  negotiat¬ 
ing  style,  and  try  to  figure  out  the  style 
of  the  other  party. 

“If  I’m  accommodating  and  he’s 
competitive,  I  may  think  we  can  work 
together,  but  he’ll  ding  me  and  I’ll  get 
mad,”  Wentworth  explains.  “If  you 
know  what  to  expect  from  the  start, 
you  can  avoid  falling  into  emotional 
traps.”  ©  41490 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her  at 
kmelymuka@yahoo.com. 
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More  Bang 
For  the  Buck 

How  to  get  more  productivity  from  your  IT  investments. 


For  more  than  two 
years,  the  McKinsey 
Global  Institute,  the 
economic  think  tank 
of  consulting  firm 
McKinsey  &  Co., 
has  been  studying 
productivity  and  its 
connection  with  cor¬ 
porate  IT  spending 
in  20  industries  in 
the  U.S.,  Germany 
and  France.  In  this 
month’s  Harvard  Business  Review, 
the  institute’s  director,  Diana  Farrell, 
reports  that  IT’s  role  in  the  New  Econo¬ 
my  is  more  complicated  than  generally 
assumed. 

Farrell  talked  from  her  San  Francisco 
office  with  Kathleen  Melymuka  about 
the  role  technology  has  been  playing  in 
driving  productivity  and  how  companies 
can  make  more  effective  use  of  IT  going 
forward. 

What  caused  the  productivity  surges  of  the 
1990s?  Real  productivity  surges  came 
in  six  sectors  only:  retailing,  securities 
brokerages,  wholesaling,  semiconduc¬ 
tors,  computer  assembly  and  telecom¬ 
munications.  You  can  begin  to  see  a 
pattern:  an  environment  that  allows  in¬ 
tense  competition  to  take  place.  In  re¬ 
tail,  for  example,  Wal-Mart’s  innova¬ 
tion  raised  the  competitive  intensity, 
forcing  competitors  to  adopt  innova¬ 
tions,  and  that  retail  pressure  put  pres¬ 
sure  on  wholesalers. 

Where  does  IT  come  into  play  as  a  productiv¬ 
ity  tool?  It’s  the  way  IT  enables  the  pro¬ 
ductivity  process  that  makes  it  such  a 
powerful  tool.  It  helps  in  the  introduc¬ 
tion  of  new  products  and  services.  It 
makes  innovations  so  much  more 
replicable  and  scalable.  And  its  bene¬ 
fits  multiply  as  it  scales,  so  it  allows 


you  to  deal  with  much  more  complexi¬ 
ty.  It’s  a  very  powerful  tool. 

Which  industries  benefit  most  from  IT,  and 
why?  I  can  answer  much  better  at  a 
subsector  level.  Where  we  really  see 
payoff  is  in  certain  subsectors  that  are 
well  suited  to  technical  innovation.  For 
example,  in  retail  general  merchandis¬ 
ing,  you  have  very  high  throughput, 
and  that’s  better  suited  to  technologi¬ 
cal  innovation  than  in  apparel,  where 
you  don’t  have  the  same  volumes. 

What  differentiates  the  companies  that 
gained  the  most  from  IT?  First,  they  target 
the  technology  investment  to  their 
very  specific  subsegment  and  to  opera¬ 
tional  levers  that  matter  for  their  in¬ 
dustry.  You  don’t  make  a  large  invest¬ 
ment  in  a  lever  that,  even  if  it  moves, 
doesn’t  really  affect  the  business  mod¬ 
el  or  one  that  couldn’t  move  enough 
to  make  a  difference  because  other 
barriers  in  the  marketplace  make  that 
impossible. 

Hotels  spent  an  enormous  amount 
in  IT  investment.  But  if  you  look  at  the 
operations  of  a  hotel,  the  biggest  chunk 
of  ongoing  cost  comes  down  to  the  la¬ 
bor  pool  —  the  cleaning  and  mainte¬ 
nance  people.  IT  was  focusing  on 
reservations  and  not  on  what  drove  the 
economics  of  the  system.  So  they  had  a 
huge  investment  that  didn’t  pay  off. 

The  second  thing  is  they  recognize 
that  IT  investment  and  business 
process  changes  are  a  co-revolution. 
You  can’t  solve  business  problems  by 
throwing  IT  at  them.  You  need  to  opti¬ 
mize  the  business  process  and  enable 
it  through  IT. 

Retailers,  for  example,  have  to  start 
by  cleaning  their  internal  data  before 
they  warehouse  it  and  extend  the 
technology  to  their  suppliers.  Working 
in  tandem  with  business  process 


changes  is  so  obvious,  but  it’s  lost  on 
many  people. 

How  do  I  find  my  company’s  productivity 
levers?  We’ve  identified  eight  opera¬ 
tional  levers  that  are  generic  through 
all  companies  [see  box].  For  example, 
you  can  reduce  labor  costs  or  nonlabor 
costs.  The  real  key  is  to  take  this 

Productivity  Levers 

Productivity  is  defined  as  the  output 
of  production  per  unit  of  input.  For  ex¬ 
ample,  it  could  be  the  number  of  wid¬ 
gets  produced  per  hour  of  labor.  Diana 
Farrell  of  the  McKinsey  Global  Institute 
offers  eight  productivity  levers  to  help 
you  target  IT  investments  to  the  areas 
that  really  matter  to  your  business. 


TO  INCREASE  OUTPUTS 


Increase  the  number  of 

units  produced  by: 

■  Increasing  labor  efficiency 

■  Increasing  asset  use 

Increase  the  value  of  the 

portfolio  by: 

■  Selling  new  value-added  goods 
and  services 

■  Shifting  to  higher-value  goods 
in  the  current  portfolio 

■  Realizing  more  value  from  goods 
in  the  current  portfolio 


TO  DECREASE  INPUTS 


Reduce  labor  costs  by: 

■  Substituting  capital  for  labor 

■  Deploying  labor  more  effectively 

Reduce  nonlabor  costs  by: 

■  Reducing  inventory  holding  costs, 
real  estate  costs  and  other  costs 


generic  list  and  say,  If  I’m  in  the  hotel 
industry,  there  is  very  little  substitu¬ 
tion  of  capital  for  labor  that  will  yield 
much  impact.  You  have  to  ask,  Given 
my  operational  model,  if  we  move  this 
lever  100%,  what  would  be  the  impact 
on  the  bottom  line?  Those  questions 
are  not  asked  as  systematically  as  you 
would  think. 

Talk  about  the  importance  of  sequencing  in 
IT  investments.  Retail  is  a  good  example. 
You  can  look  at  the  range  of  IT  invest¬ 
ments  a  retailer  would  make  over  time. 
You  start  with  basic  help  in  moving 
products  from  suppliers  to  customers 
—  data  integration,  distribution  logis¬ 
tics.  Then  you  try  differentiating  tech¬ 
nologies  like  fine-tuning  merchandise 
planning.  Finally,  you  move  on  to  next- 
frontier  investment  —  customer  expe¬ 
rience  solutions:  things  that  make 
them  feel  it’s  all  tailored  to  them. 

In  the  IT  world,  there’s  a  lot  of  ex¬ 
citement  about  all  this  sophisticated 
stuff,  but  if  you  don’t  get  your  data 
cleaned  up  first,  you  don’t  have  the 
ability  to  take  advantage  of  those  later 
investments.  You’d  be  amazed  at  how 
many  businesses  made  very  large  in¬ 
vestments  in  CRM  before  they  had 
clean  data.  The  technology  had  no  im¬ 
pact.  It  was  yielding  garbage. 

How  can  a  company  hold  on  to  the  competi¬ 
tive  edge  from  its  IT  innovations?  Couple 
the  innovation  with  other  advantages 
that  are  less  replicable.  For  example, 
CRM.  Anyone  can  buy  CRM.  It’s  im¬ 
portant  to  build  in  organizational 
changes  and  processes  to  make  the 
CRM  effective  and  not  really  possible 
for  others  to  replicate. 

When  should  a  company  take  the  lead  in  IT, 
and  when  should  it  follow?  You  don’t  enter 
into  leading-edge  investment  unless 
you  feel  it’s  really  targeted  to  levers 
that  matter  for  you  and  unless  you  can 
couple  the  investment  with  other  ad¬ 
vantages  like  scale,  tacit  knowledge  or 
some  other  capability  that  gives  you 
reason  to  believe  that  what  you  do 
won’t  just  be  replicated  by  others  or 
that  even  if  others  follow,  they  won’t 
get  the  same  bang  for  the  buck.  Other¬ 
wise,  wait  for  the  leading  edge  to  be 
worked  out  by  your  competitors  and 
then  adopt  it.  O  41620 


Melymuka  is  a  Computerworld 
contributing  writer.  She  can  be  contacted 
at  kmelymuka@yahoo.com. 


This  is  the  latest  in  a  series  of  monthly  discus¬ 
sions  with  Harvard  Business  Review  authors 
on  topics  of  interest  to  IT  managers. 
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Delphi  Appoints 
Global  IT  Executive 

Delphi  Corp.  in  Troy,  Mich.,  has 
named  John  Guevara  as  director 
of  global  infrastructure  services.  In 
this  new  role,  he  will  oversee  the 
auto  parts  maker’s  global  network, 
telecommunications,  mainframe 
and  desktop  systems,  as  well  as 
the  corporate  IT  security  program. 
Guevara,  who  became  CIO  at  Del¬ 
phi  Mexico  in  2001,  replaces  Gary 
Robertson,  who  retired  after  38 
years  at  the  company.  Prior  to 
joining  Delphi,  Guevara  was  vice 
president  of  information  systems 
at  Siemens  Group. 


Medco  Cuts  IT  Jobs 

Medco  Health  Solutions  Inc.,  a 
pharmacy  benefits  management 
company  spun  off  from  Merck  & 
Co.  in  August,  is  cutting  approxi¬ 
mately  90  IT  workers  at  its 
Franklin  Lakes,  N.J.,  and  Mont- 
vale,  N.J.,  offices.  The  company 
said  it  is  restructuring  its  IT  de¬ 
partment  to  improve  customer 
service  and  efficiency. 


Accenture  Partner  Is 
Now  Bombay  Co.  CIO 

The  Bombay  Co.,  a  Fort  Worth, 
Texas-based  retailer,  has  hired  Lu- 
cretia  Doblado  as  senior  vice  pres¬ 
ident  and  CIO.  Doblado  previously 
was  a  partner  in  Hamilton,  Bermu¬ 
da-based  Accenture  Ltd.’s  retail 
practice,  where  she  led  opera¬ 
tional  changes  in  the  areas  of  cor¬ 
porate  IT  processes  and  systems 
applications  for  J.C.  Penney  Co., 
Zale  Corp.,  Michaels  Stores  Inc. 
and  other  companies. 


Oregon  Health  Insurer 
Names  New  CIO 

Cheron  Vail  has  joined  The  Re- 
gence  Group  in  Portland,  Ore., 
as  its  CIO.  She  will  lead  the  health 
insurer’s  IT  team  in  four  North¬ 
western  states.  Vail  most  recently 
worked  as  CIO  at  Providence 
Health  Plans  and  in  IT  roles  at 
Aetna  Health  Plans,  First  Dental 
Health  and  Science  Applications 
International  Corp. 
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TOM  PISELLO 

The  Marriage  of 
ROI  and  SLA 


PRESSURE  IS  HIGH  for  IT  executives  to  de¬ 
liver  rock-solid  strategies  on  smaller  bud¬ 
gets.  Meanwhile,  enterprises  have  a  low  tol¬ 
erance  for  project  failure,  or  spending  that 
falls  short  of  expectations.  This  has  set  the 
stage  for  a  closer,  more  fruitful  relationship  with  ven¬ 
dors  that  can  help  companies  reduce  the  risks  and 
maximize  the  rewards  from  every  IT  investment. 

One  way  to  bring  about  such  a  relationship  is  to  use 
the  service-level  agreement  (SLA)  —  long  valued  as  a 


tool  for  guaranteeing  avail¬ 
ability  and  responsiveness 

—  as  a  way  to  ensure  a  re¬ 
turn  on  investment.  Under 
this  model,  vendors  would 
partner  with  their  cus¬ 
tomers  to  ensure  that  ROI 
goals  are  realized  and  tie 
their  financial  compensa¬ 
tion  to  the  achievement  of 
key  benefits. 

Let’s  say  a  company  buys 
CRM  software  and  estab¬ 
lishes  a  minimum  expected 
ROI.  If  the  minimum  bene¬ 
fits  aren’t  realized,  it’s  up 
to  the  vendor  to  help  reme¬ 
dy  the  situation.  If  the  vendor  still  fails 
to  deliver,  financial  penalties  kick  in. 
On  the  flip  side,  if  the  system  delivers 
a  higher  ROI  than  expected,  the  ven¬ 
dor  gets  a  financial  reward  (or  less- 
tangible  rewards  such  as  public  testi¬ 
monials  or  future  contract  exten¬ 
sions). 

This  may  be  radical  thinking.  But 
considering  that  two-thirds  of  IT  proj¬ 
ects  run  over  budget  or  fail  to  meet  the 
schedule  and  one-third  are  canceled 
completely  —  and  that  even  when  a 
project  is  successfully  deployed,  over 
half  fail  to  deliver  on  ROI  expectations 

—  offloading  some  of  the  risk  to  the 
vendor  is  worth  a  second  look.  Be¬ 
sides,  vendors  would  have  a  vested  in¬ 


terest  in  making  sure  their 
products  actually  deliver 
business  value,  instead  of 
just  dumping  the  product 
on  the  user’s  doorstep. 

The  ROI  SLA  can  be  mu¬ 
tually  beneficial  to  IT  de¬ 
partments,  business  units 
and  vendors.  Success  re¬ 
quires  close  collaboration 
between  the  parties  every 
step  of  the  way,  from  plan¬ 
ning  the  system  to  imple¬ 
menting  it  and  managing 
it.  In  the  process,  CIOs  can 
be  confident  that  IT  proj¬ 
ects  will  be  less  risky  and 
will  deliver  tangible  gains.  Perhaps 
they’ll  even  have  easier  budget  ap¬ 
proval  cycles  with  the  chief  financial 
officer,  CEO  and  board  of  directors. 
Developing  an  SLA  upfront  ensures 
that  all  stakeholders  understand  the 
proposed  costs,  benefits  and  ROI  — 
and  commit  to  their  accuracy. 

If  a  project  veers  off  course  and  the 
vendor  and  user  are  already  tracking 
costs  and  benefits,  they’re  able  to  step 
in  for  quick  remediation  if  costs  sur¬ 
pass  expectations  or  benefits  fall  short 
of  projections. 

From  the  IT  vendor’s  perspective, 
an  ROI  SLA  is  a  difficult  proposition, 
because  it  creates  uncertainty  about 
revenue.  The  vendor  is  relying  on  the 


customer  to  successfully  implement 
the  system,  and  there’s  the  potential 
for  an  increase  in  expenses  to  meet 
the  SLA.  On  the  other  hand,  the  SLA 
could  greatly  shorten  the  sales  cycle 
by  reducing  doubts  a  prospect  may 
have  about  implementing  the  product. 
Also,  if  the  project  exceeds  expecta¬ 
tions,  the  vendor  can  significantly  in¬ 
crease  revenue. 

Putting  It  Into  Practice 

The  building  blocks  already  exist. 
Many  vendors  are  trying  to  help  users 
calculate  returns  on  investments.  And 
SLAs  are  commonplace  in  areas  such 
as  networking  and  outsourcing. 

Setting  the  benchmark  for  the  ex¬ 
pected  ROI  may  seem  to  be  a  big  chal¬ 
lenge,  with  the  risk  of  a  breakdown  in 
SLA  negotiations.  Arguably,  a  vendor 
would  push  for  a  modest  level  of  re¬ 
turns,  and  a  buyer  would  demand  a 
higher  level.  In  reality,  the  vendor’s 
business  case  must  be  realistic,  achiev¬ 
able,  customized  for  the  customer’s 
unique  situation  and,  of  course,  com¬ 
pelling  enough  that  the  sale  is  ap¬ 
proved.  For  an  added  level  of  reassur¬ 
ance  that  the  ROI  benchmark  is  set 
fairly,  the  business  case  could  be  vali¬ 
dated  by  a  neutral  third  party. 

Given  the  dramatic  changes  in  IT 
spending  practices  over  the  past  three 
years  and  the  current  high  level  of  fis¬ 
cal  scrutiny  on  investments,  now  is  the 
time  to  move  toward  shared  risk  and 
reward  in  major  technology  projects. 
While  status  quo  is  the  comfortable 
choice,  early  adopters  of  ROI  SLAs 
will  take  the  lead  in  finding  true  IT 
partners  (not  merely  technology  ven¬ 
dors),  thus  mitigating  risk  and  increas¬ 
ing  the  likelihood  of  seeing  rewards. 
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Meet  the  IBM  eServer  BladeCenter.™ 

When  the  pieces  sync,  powerful  things  happen.  True  for  humans, 
true  for  BladeCenter.  The  IBM  eServer  BladeCenter  system  integrates 
servers,  networking  and  storage  resources  for  ease  of  management 
and  low  TCO.  From  a  centralized  remote  console,  you  can  deploy 
servers  in  minutes  (not  hours  or  days)!  Scale  out.  Reconfigure  on 
the  fly.  Buy  only  what  you  need,  when  you  need  it.  On  demand. 
Powered  by  the  Intel®  Xeon™  processor. 

eServer:  servers  for  on  demand  business. 

Can  you  see  it?  See  it  at  ibm.com/eserver/integration 
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Server,  network  and  storage 
resources  integrate 
to  help  protect  ROI. 

On  c  imand. 


'Customer  experience  and  savings  will  vary  depending  upon  configuration  and  other  factors.  Blade  servers  for  BladeCenter  are  sold  separately.  IBM.  the  e-business  logo.  eServer  and  BladeCenter  are  trademarks  or  registered  trademarks 
of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United 
States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 
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isf action,  from  Manufacturer  Direct 
iop  Presents ! 


75  Years  ofCusto 
Savings  up  to  50(. 


NEC  DUAL  Format 
4  X  DVD  Burner 


¥  with  Free 
f  Roxio  + 
DVD  X  Copy 
Xpress 
Version  3.0.2 


Transmeta  1  GigaPro  CPU,  512KB  L2 
Cache 

256MB  Memory,  30GB  Hard  Drive 
14,r  XGA  TFT  LCD  Monitor 
DVD+CDRW  Combo  Drive 
4-5  Hours  Battery  Life 
Built-in  Wireless  Lan 
Built-In  Ethernet  Adapter 
Built-In  Fax  Modem 
One  Year  Parts  &  Labor  warranty 


AMD  XP  2500  1 ,83GHz  Socket  A  Processor 

AMD  SV266A  DDR/SDRAM  Socket  A  Motherboard 

512MB  DDR  Memory, 80GB(7200RPM)Hard  Drive 

Sony  16X  (40X  CD)  DVD  Drive 

Sony  52X24X52  Internal  IDE  CDRW  Drive 

4X/8X  AGP  -  GeForce  FX  5200  128MB  DDR 

Sound  Blaster  Live  5.1 

Lucent  56K  v.92  Internal  Fax  Modem 

1000W  P.M.P.O.  3pcs  Subwoofer  Speaker  System 

Crystal  Clear  DIY  Acrylic  Transparent  PC  Case 

One  Year  Parts  &  Labor  warranty 


Model  No.DV-NE-DVRXCOPY. 


Model  No.  CTAX25A 


Model  No.  TRM1GD 


GeForce  FX  5600 
256MB  DirectX  9.0 
Dual  Monitor 


P4-2.8GHZ  (533MHz)  Socket  478  FSB  Processor 
Biostar  P4  533MHz  FSB  DDR  266  Motherboard 
512MB  DDR  Memory, 120GB(7200RPM)Hard  Drive 
A-Open  16X  (48X  CD)  DVD  Drive 
A-Open  52X24X52  Internal  IDE  CDRW  Drive 
600W  Subwoofer  w/  2  Speakers  System 
400W  ATX  Mid  Tower  Case  w/  2  USB  Ports 
Silver  /  Black  17"  SXGATFT  LCD  Monitor 
w/  2  Built-in  Speakers 
One  Year  Parts  &  Labor  warranty 


Intel®  Pentium®  M  (Centrino)  1 ,3GHz 
(400MHz  FSB) 

512MB  DDR  333  Memory,  40GB  Hard  Drive  ';. 

ATI  Mobility,  64MB  DDRAM  Video 

4-5  hours  battery  life 

15"  SXGA  TFT  LCD  Monitor 

Toshiba  DVD-RW  Drive 

Built-In  Ethernet  Adapter 

Built-In  Fax  Modem 

Built-In  1394  IEEE  Firewire 

One  Year  Parts  &  Labor  warranty 


Model  No.  VG-NV-FX5600256 


’P28A 


Model  No. 


Model  No.  551 DI3F 


$1499&up 


Gigabyte 
nForce31 50,  * 
800MHz  FSB 
Motherboard 


Intel®  Pentium®  4  3.06GHz  (533MHz  FSB) 
Processor  w/  Hyper-Threading  Technology 
1.0GB  DDR  333  Memory,  60GB  Hard  Drive 
ATI  Radeon  9000  M9  64MB  DDR  AGP 
16.5"  UXGA(16.1”  Viewable)  TFT  LCD 
Toshiba  DVD-RW  All-in-One  Drive 
Internal  Li-Ion  Battery 
Built-In  Ethernet  /  Modem 
Built-In  1394  IEEE  Firewire 
Free  Deluxe  Notebook  Carrying  Case 
One  Year  Parts  &  Labor  warranty 


AMD  Athlon  64  3200+  (2.0GHz,  1600MHz  FSB 

w /  1MB  of  L2  Cache)  Processor 

Gigabyte  Athlon64,  nForce3  1 50,  800MHz  FSB 

•  1.0GB  DDR  Memory,  120GB  7200RPM)Hard  Drive 
Sony  16X  (40X  CD)  DVD  Drive 

Pioneer  4X  DVDRW/CDRW/DVD/CDR  Drive 

•  4X/8X  AGP  -  GeForce  FX  5600  256MB  DDR 
Sound  Blaster  Audigy  4X  Gamer 

•1000W  P.M.P.O.  3pcs  Subwoofer  Speaker  System 

•  Motor  Driven  Aluminum  Neon  MATRIX  Case 
One  Year  Parts  &  Labor  warranty 


Model  No.  MB-GA-NF3FSB800 


Model  No.  MSLK832A 


Model  No.  732ED30A 


3%  Discount ,  Code:CW-VIP001,Free  Gift  with  Purchase!!! 


7"  Cyber  Home 
Portable 
DVD  Player 
with 

[  4HR  Battery 


Model  No.  EC-LDV712 


Order  Online  Now  24  Hours ,  7  Days  A  Week! 

30  Days  Money SH¥f  Guarantee! 
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indows 


com 


Your  One  Stop  Online 


Superstore ! 


Life  Time 
Tech  Support! 


We  are  A  Government  Certified  Vendor 
(DUNS  No.098489144) 
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Call  Toll  Free:  1  -866-650-7400 


Mon-Fri:  7:00AM-7:00PM  PST 


Sat-Sun:  8:00AM-5:00PM  PST 
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Advertising  Supplement 

IT  Careers:  Efforts  Target  Diversity  Hiring  in  IT  Profession 


Two  major  initiatives  are  pushing  the  role  of  minority 
hiring  as  the  information  technology  profession  gears  up  to 
add  people.  The  NAACP  and  Society  of  Hispanic 
Professional  Engineers  are  coordinating  with  SHOMEX,  one 
of  the  nation's  leading  diversity  job  fair  firms,  to  provide 
information  to  companies  and  professionals. 

According  to  Cristopher  Levy,  vice  president  of 
marketing  for  SHOMEX,  his  firm  pulsed  more  than  15,000 
companies  who  use  SHOMEX  to  identify  seven 
communities  to  implement  information  technology, 
information  systems  and  engineering  related  job  fairs.  The 
fairs  -  to  be  held  in  Boston,  Chicago,  Dallas,  Los  Angeles, 
Philadelphia,  Santa  Clara,  CA  and  Washington,  DC  -  will 
feature  a  range  of  high  tech  and  non-IT  companies.  "They 
are  consumer  products,  food  service,  and  large 
manufacturers  such  as  Northrop  Grumman  and  Raytheon," 
says  Levy.  The  job  fairs  reflect  SHOMEX's  effort  to  expand 
diversity  partnerships  in  the  major  metro  markets.  "We  will 
continue  to  work  with  NAACP  branches  and  state 
conferences,  but  will  also  expand  partnerships  with  the 
Urban  League,  LULAC,  BDPA  and  other  leading  diversity  groups. 


During  National  Hispanic  Heritage  Month  (Sept.  15-0ct. 
1 5),  additional  focus  was  given  to  the  Hispanic  Engineering 
and  Information  Technology  report,  "Latinos  and 
Information  Technology:  The  Promise  and  the  Challenge." 
Commissioned  by  IBM  and  conducted  by  the  Tomas  Rivera 
Policy  Institute,  the  study  pinpointed  that  African- 


Those  are  data  points  the  Hispanic  Digital  Divide  Task 
Force  is  out  to  change.  The  group  has  set  four  basic  goals  - 
to  assure  access  to  the  Internet  and  provide  for  its  use  by 
the  Hispanic  community;  provide  learning  opportunities  for 
computer  literacy;  develop  employment  opportunities  in  IT; 
and  analyze  institutions  and  individuals  who  can  help  lead 
the  effort. 


Serving  on  the  task  force  are  Victor  Cabral,  VP- 
Government  and  Hispanic  Affairs,  Verizon  Communications; 
Maria  Villar,  VP-eBusiness  Transformation  Planning,  IBM 
Corporation;  Ronald  Blackburn  Moreno,  President  and  CEO, 
ASPIRA;  Raul  Cosio,  VP-eBusiness  Transformation,  IBM; 
Antonio  Flores,  President,  Hispanic  Association  of  Colleges 
and  Universities;  Luis  Miranda,  President,  Miranda  y  Mas; 
the  Hon.  Silvestre  Reyes,  D-TX,  U.S.  House  of 
Representatives;  and  Carmen  Varela  Russo,  CEO,  Baltimore 
Public  Schools.  The  net  result  will  be  that  companies 
looking  to  reflect  the  footprint  of  their  companies  will  be 
seeking  technical  talent  from  a  diverse  pool,  one  that  is 
highlighted  by  the  task  force's  work  and  at  the  SHOMEX 
job  fairs. 


"Just  as  important  is  that  there  are  certain  key 
(geographic)  markets  to  watch  and  certain  sectors,  from 
security  and  defense  to  pharmaceuticals  and  health  care," 
Levy  says.  "And  while  our  business  model  has  long  been 
one  that  has  expertise  in  diversity  recruiting,  we're  seeing 
this  hiring  surge  as  a  reflection  of  economics  as  much 
as  ethnicity." 


Americans,  Latinos  and  Native  Americans  make  up  1 5%  of 
the  total  U.S.  workforce.  However,  they  claim  only  6.7%  of 
computer  and  information  science  jobs  and  5.9%  of 
engineering  opportunities.  Just  as  important,  Latinos 
comprise  1 .7%  of  the  U.S.  computer  science  faculty  and 
4.9%  of  the  engineering  faculty.  On  the  extreme  opposite 
side,  42%  of  Hispanic  youths  drop  out  of  high  school. 


For  more  information  about  IT  Careers  advertising, 
please  contact: 

Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


Information  Systems  Coor¬ 
dinator  wanted  to  coordinate 
employer's  information  technol¬ 
ogy  needs,  including  hard¬ 
ware/software,  Analyze  employ¬ 
er's  information  technology 
needs  and  determine/implement 
necessary  solutions,  proce¬ 
dures.  Provide  system/data 
management  support  to  CAD/ 
CAE/CAM/CMM  Group.  Work 
to  integrate  enterprise  wide 
information  system  to  include 
MAS90/W  system,  Microsoft 
Office  Suite,  Novell  and 
Windows  NT  network  operating 
systems,  bar  coding,  databases 
and  software.  40  hrs/wk,  8:00 
a.m.  to  5:00  p.m.;  $61,552.40/yr; 
Requires  Master's  Degree  in 
Computer  Science,  plus  4  yrs. 
exp.  in  Job  Offered  or  4  yrs.  exp. 
as  Computer  Consultant  and/or 
Senior  Computer  Consultant. 
Send  resumes  to:  PO.  Box 
11170,  Detroit,  Michigan  48202, 
Reference  No.  211309. 
Employer  Paid  Ad. 


COMPUTER 

PricewaterhouseCoopers  LLP's 
Forensic  Technology  Solutions 
practice  has  opportunities  avail¬ 
able  for  expenenced  profession¬ 
als  in  the  area  of  Computer 
Systems  Analyst.  Position 
requires  a  bachelor's  degree 
(master's  preferred)  in  CS  or  MIS 
and  1  to  5  yrs  related  exp., 
including  exp  with  database 
development,  application  devel¬ 
opment.  and/or  computer  foren¬ 
sics.  Job  site/location:  NY,  NY. 
Interested  candidates  please  ref¬ 
erence  job  code  52YMD8  &  fax 
your  resume  to  MMR  at  267-330- 
4320.  No  phone  calls  please. 
Employer  will  only  consider 
applicants  authorized  to  work  for 
any  employer  in  the  U.S. 


Software  Engineer  (2  positions) 
-  Research,  design  and  develop 
computer  software  systems  in 
conjunction  with  hardware  prod¬ 
uct  development  applying  princi¬ 
ples  and  techniques  of  computer 
science,  engineering  and  math¬ 
ematical  analysis.  Design  and 
implement  computer  software 
systems  writing  Active  Server 
Pages  using  Visual  Basic. 
Various  unanticipated  locations 
throughout  the  U.S.  Requires 
Master  or  equivalent*  in 
Computer  Science,  Engineering 
or  Mathematics.  'Equivalent  is 
Bachelors  plus  5  yrs  exp. 
Requires  3-5**  yrs  exp  in  the  job 
offered  or  3-5**  yrs  exp  as 
Systems  Analyst,  Programmer 
Analyst,  Systems  Engineer.  **3 
yrs  exp  if  Masters  of  5  yrs  expe¬ 
rience  if  Bachelors.  Must  have 
1-yr  exp  writing  Active  Server 
Pages.  5  day.  40  hr/wk, 
$78,000/yr.  Please  mail 
resumes  to  Workforce 
Development  Programs,  PO 
Box  46547,  Denver,  CO  80202 
and  refer  to  order  number 
C05058206. 


SYSTEMS  ANALYST  to  provide 
on-site  consulting  in  analysis, 
design,  development  and  imple¬ 
mentation  of  business  to  busi¬ 
ness  applications  on  IBM 
AS/400  using  COBOL,  RPG  and 
CL;  extensive  use  of  web  pro¬ 
gramming  tools  including  Java, 
HTML,  JavaScript,  Visual  Basic, 
Cold  Fusion  and  MS  SQL 
Server,  Oracle  and  MS  Visual 
Studio.  Require:  Bachelor,  or 
equivalent  (three  years  of  pro¬ 
fessional  experience  is  equiva¬ 
lent  to  one  year  of  college  level 
education)  in  Computer  Science 
and  two  years  experience  in  the 
job  offered  40%  travel  to  client 
sites  within  the  United  States 
required.  Competitive  salary 
and  benefits,  40  hours/week,  M- 
F.  Mail  resume  to:  Vice 
President,  Frontline  Consulting 
Services,  Inc.,  8701  Mallard 
Creek  Road,  Charlotte,  NC 
28262. 


Silicon  Laboratories  Inc.  is  hiring 
for  the  following  positions: 

Circuit  Design  Engr  -  Design 
analog  &  digital  circuit  for  data 
conversion  &  comm  apps;  Min 
req’t:  MSEE  or  BSEE  +  5  yrs. 
exp. 

RF  Mixed-Signal  Design  Engr  - 
Design  RF  ICs  for  consumer 
electronic  wireless  comm  eqpt 
from  design  capture  &  layout  to 
test  &  evaluate  prototype: 
Minreq't:  MSEE  or  BSEE  +  5 
yrs.  exp. 

Sr.  Circuit  Design  Engr  -  Design 
analog  &  digital  ICs  for  con¬ 
sumer  electronic  wireline  comm 
eqpt  from  design  capture  &  lay¬ 
out  to  test  &  evaluate  prototype; 
Min  req't:  Ph.D.  EE. 

Complete  job  description  at 
www.silabs.com/careers.  Send 
resume:jobs_design@silabs.co 
m  or  HR  Dept,  4635  Boston 
Lane,  Austin,  TX  78735.  NO  IN 
PERSON  APPLICATION 


Software  consultancy  in  Keene, 
NH  seeking  a  SE  or  Prog/ 
Analyst  with  Bachelors  in  CE. 
EE  or  rel.  1  yr  of  RDBMS 
(Oracle  or  mySQL)  experience  a 
must.Applicant  will  convert  pro¬ 
ject  specifications  and  state¬ 
ments  of  problems  and  proce¬ 
dures  to  detailed  logical  flow 
charts  for  coding  into  computer 
language.  Will  develop  and  write 
computer  programs,  will  analyze 
user  requirements,  design, 
code,  test,  debug,  implement 
and  upgrade  computer  security 
systems.  Will  primarily  analyze 
and  design  databases  and  must 
have  in-depth  knowledge  of 
relational  database  manage¬ 
ment  systems  such  as  Oracle 
and  mySQL.  Travel  required. 
Salary  45K  per  year.  Send  2 
copies  of  your  resume  to:  Job 
Order  #  2003-313.  P.O.  Box 
989,  Concord,  NH  03302-0989 


Get  Ahead  In  Your  Career! 


Meet  Face-To-Face  With  Leading  Employers  At  The... 

GareerfaiR 


WASHINGTON,  DC 

Tues.,  October  21 
McLean  Hilton  Hotel 

7920  Jones  Branch  Drive  •  Tysons  Comer,  VA  22102 

Partial  List  of  Employers  Includes:  AT&T 
Government  Solutions.  DigitalNet,  EDS,  Federal 
Aviation  Administration,  First  Union/Wachovia, 
General  Dynamics,  General  Electric.  Jefferson 
Laboratory,  Merck,  Northrop  Grumman,  Orkland 
Corporation  and  SAIC. 


GREENBELT,  MD 

Thurs.,  October  23 
Martins  Crosswinds 

7400  Greenway  Center  Drive  •  Greenbelt,  M0  20770 

Partial  List  of  Employers  includes:  Andrews 
Federal  Credit  Union,  Choice  Hotels 
International,  Computer  Sciences  Corporation, 
GlaxoSmithKline,  Honeywell  Technology  Solution, 
Perot  Systems  -  Government  Services.  Signia 
and  Starbucks  Coffee  Company 


Exhibit  Hours  for  Both  Events:  11:30am  -  4:30pm  •  Free  Admission 

Employers  -  To  exhibit,  please  call  Gloriann  Clark  at  310-309-4409 


For  the  latest  information,  visit  diuersitycareereKpos.com 
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Technical  Manager 

Technical  Manager  (elT). 
Durham,  NC,  Manage  and 
advise  technical  staff  in  the  elT 
Delivery  Group,  ind.  developers, 
analysts  and  consultants. 
Ensure  coding  guidelines  and 
Change  Management  process¬ 
es  are  in  place  and  adhered  to. 
Strategically  direct  the  team  on  a 
global  level,  utilizing  under¬ 
standing  of  Intranet  and  Extranet 
platform  technologies  and  of 
tech,  and  business  issues  of 
customer  base.  Provide  leader¬ 
ship  to  team  in  tech,  consulta¬ 
tion,  analysis  and  design, 
dvpmt.,  implem.,  and  tech,  sup¬ 
port  for  eBusiness  projects. 
Provide  time  and  cost  estimates 
for  tech,  aspects  of  projects. 
Ensure  that  technical  implemen¬ 
tation  adheres  to  standards  and 
that  services  are  suitable  for 
turnover  to  Operations  staff. 
Stay  abreast  of  new  technolo¬ 
gies  as  they  arise.  Req.: 
Bachelor's  degree  or  foreign 
equiv.  in  Computer  Science  or 
related  engineering  field. 
Minimum  of  3  year  experience 
required  in  job  offered  or  as  web 
developer  including  3  years 
experience  in  the  following, 
which  may  have  been  obtained 
concurrently:  Plumtree,  Verity, 
Netegrity  and  Interwoven; 
NT/IIS  administration  ASP, 
HTML,  XML,  Java,  Javascript, 
ODBC  and  MTS;  Intranet  and 
Extranet  technical  experience 
including  portals,  search  ser¬ 
vice,  web  hosting  platforms  and 
taxonomies;  and.  project  man¬ 
agement  and  technical  consult¬ 
ing  for  web  applications  in  a 
business  environment. 

GSK  is  dedicated  to  an  innova¬ 
tive  workplace  and  supports  you 
w/career  long  opportunities  & 
learning.  We  offer  a  competitive 
benefits  and  compensation 
package.  For  confidential  con¬ 
sideration  please  forward  2 
copies  of  your  resume  to:  BHG 
Box  28228,  220  E  42nd  St., 
14th  FI..  NY,  NY  10017. 
Indicating  ad  code  ''TM"  is 
essential.  Principals  only,  no 
agencies.  We  are  an  Equal 
Opportunity  Employer  M/F/D/V. 

SENIOR  DATABASE  ADMINIS¬ 
TRATOR  (ORACLE  /  MS-SQL)  - 
An  international  company  head¬ 
quartered  in  the  Boston  area, 
and  engaged  in  the  research, 
development,  marketing  and 
sale  of  state-of-the-art  imaging 
media  and  devices,  has  an 
immediate  need  for  a  highly 
skilled  Senior  Database 

Administrator  (Oracle/MS-SQL). 
This  senior  specialist  position  is 
responsible  for  new  database 
creation,  Oracle  7-8i  application 
development  support,  and  man¬ 
agement  of  approximately  22 
separate  corporate  Oracle  7-8i 
and  MS-SQL  databases,  many 
of  which  are  mission-critical 
requiring  24-hour/7-day  on-call 
availability;  this  non-managerial 
position  is  also  responsible  for 
mentoring  application  develop¬ 
ers  and  support  personnel.  The 
position's  duties  involve  the 
design,  implementation, 

upgrade,  diagnosis,  real-time 
failure  correction  and  support 
Oracle  databases  on  both  Unix 
and  NT  platforms;  the  design, 
implementation,  diagnosis,  and 
support  of  MS-SQL  databases; 
the  writing  of  scripts  in  UNIX 
Shell,  Perl,  and  PL/SQL  pro¬ 
gramming  languages;  the  instal¬ 
lation,  upgrade  and  support  of 
Oracle  in  an  SAP  environment; 
and  the  set  up  and  support  of 
Oracle  Standby  database  and 
split-mirror  database  backup. 
Minimum  education  require¬ 
ments  include  a  Bachelor's 
degree  in  Computer  Science, 
Mathematics,  or  other  job-rele¬ 
vant  major.  Minimum  experi¬ 
ence  required  is  8  years  involv¬ 
ing  the  design,  development  and 
implementation  of  database 
applications,  at  least  three  years 
of  which  specifically  included 
Oracle  database  administration. 
Base  annual  salary  is  $83,000 
together  with  contributory  med¬ 
ical  and  dental  plan,  life  and  dis¬ 
ability  insurance's,  employer- 
paid  vacation,  and  other  indus¬ 
try-competitive  benefits. 

Qualified  applicants  respond 
with  two  (2)  copies  of  resume 
only  to:  Case#  200203250, 
Labor  Exchange  Office,  19 
Staniford  Street,  1st  Floor, 
Boston,  MA  02114. 

COMMUNICATION  SYSTEMS 
ENGINEER  (Weston,  FL): 
Propose  solutions  to  improve 
and  enhance  existing  hardware 
and  software  telecommunication 
architectures.  Design,  develop, 
test,  implement  and  analyze 
technical  products  and  systems 
focused  on  wireless  technology 
(Wireless  Internet  platform  - 
(WAP  Technology)).  Min.  of  (1) 
Bachelor's  degree  or  equiv.  in 
Electrical  Engrg.  or  Electronics 
Engrg.;  (2)  3-yr  experience  in 
job  offered  or  3-yr  experience  in 
wireless  telecommunications 
engrg.  in  Telecommunications  & 
Wireless  Industry;  (3)  Exp¬ 
erience  must  include  design  and 
development  of  system  in 
Wireless  Internet  Platform  (WAP 
technology);  and  standards  and 
technologies  of  UMTS,  GPRS, 
GSM,  CDMA  IS-95  and  SMS. 
40hr/wk;  9am-6pm.  Mon-Fri. 
Pis.  send  2  resumes  to 
HR/OCF-cp,  Consis  Inter¬ 
national,  L.C.  1900  N. 
Commerce  Parkway,  Weston, 
FL  33326. 

Senior  Engineer  (Senior 

Software  Engineer):  Design  and 
develop  the  persistence  tier  for 
the  company  product  line. 
Design  and  implement  the 
reporting  subsystem  for  the 
company  product.  Work  on  sev¬ 
eral  projects  in  the  early  stage  of 
development  and  perform 

research,  design,  coding  and 
testing  for  the  project. 

Requirements  include  a 

Master’s  degree  or  equivalent  in 
Computer  Science,  an 

Engineering  discipline  or  related 
field  and  three  years  of  work 
experience  in  the  job  offered  or 
related  field  of  software  engi¬ 
neering.  Experience  must 

include  knowledge  of:  Solaris, 
Linux,  C++,  Java,  SQL, 
Javascript,  MS  Interdeve  and 
ASP.  Applicants  must  have 
unrestricted  authorization  to 
work  in  the  United  States. 
Salary  $96, 624/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203095,  Labor  Exchange 

Office,  19  Staniford  St..  1st  FI., 
Boston,  MA  02114 

Spectral  Genomics,  Inc. 

(Houston,  TX)  is  seeking  for  (1) 
Bioinformatics  System  Engineer 
to  develop  company's  bioinfor¬ 
matics  system.  1  yr.  related  exp. 
in  statistical  and  pattern  recogni¬ 
tion  algorithm  development 
using  Labview,  Oracle,  Solaris, 
and  Linux. 

(2)  Bioinformatics  System 
Analyst  to  develop  company's 
bioinformatics  system  using 
Rational  Rose,  UML,  JDBC, 
EJB,  Rosetta  net,  Weblogic, 
XML,  Java  Servlets  and  QA 
Tests.  1  yr  related  exp.  Send 
resume  to  8080  North  Staduum 
Dr..  Houston.  TX  77054  713- 
797-0203(F)/713-797-0092(T). 
Attn:  Tom  Martin. 

COMPUTER 

Semantic  Space  has  a  continu¬ 
ing  need  for  multi  skilled  IT  pro¬ 
fessionals.  Positions  available 

are  Software  Engineers  with 

net,  VBScript,  Jscript,  ASP.net 

skills;  Programmer/Analyst, 

Project  Leader/Manager  with 
extensive  experience  in  IT 

industry.  Send  resume  to:  100 

Pacifica,  #270,  Irvine,  CA 

92618.  Attn:  HR  or  fax  to  949- 

789-7334 

Senior  Software  Engineer-  Work 
hands-on  in  the  development 
lifecycle  of  e-health  technolo¬ 
gies,  including  design,  imple¬ 
mentation,  testing  and  mainte¬ 
nance  of  enterprise  software 
application,  GUI,  backend,  and 
stand  alone  applications,  soft¬ 
ware  components  and  applica¬ 
tion  servers  for  the  healthcare 
industry.  Develop,  testing,  and 
maintain  software  components, 
middleware  containers,  and  web 
services  to  confidentially  and 
securely  manage  patient  infor¬ 
mation.  Develop  tools  and  tech¬ 
nologies  for  document  publish¬ 
ing  and  management,  semantic 
processing  and  content  extrac¬ 
tion.  Work  with  application  of 
authentication,  cryptography 
and  public  key  infrastructure 
techniques  and  methodologies 
in  developing  secure  transac¬ 
tions  with  the  company's  busi¬ 
ness  partners  and  clients.  Use 
knowledge  of  various  XML  tech¬ 
nologies,  Java  and  C/C++, 
object  oriented  design  and  web 
development  technologies. 
Requirements  include  a 
Master's  Degree  or  equivalent  in 
Computer  Science.  an 
Engineering  discipline  or  related 
field  and  three  years  of  experi¬ 
ence  in  the  job  offered  or  related 
field  of  web-based  application 
development  including  Java, 
XML  and  C++.  Applicants  must 
have  unrestricted  authorization 
to  work  in  the  United  States. 
Salary  $85, 561/year.  40 

hours/wk.  Respond  with  two 
copies  of  resume  to  Case 
#200203251,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FI., 
Boston,  MA  02114 


Power  Electronics  Engineer: 
Design,  develop  and  test  IGBT 
and  MOSFET  based  power  con¬ 
verters  to  include  inverters,  DC- 
DC  converters,  power  supplies 
and  frequency  converters  for 
motor  drives,  distributed  power 
applications  such  as  fuel  cells 
and  other  industrial  applications 
in  the  5kW  to  1  MW  power  range. 
Design,  develop  and  test  DSP 
based  controllers  using  analog 
and  digital  devices.  Design, 
develop  and  test  new  power 
conversion  and  control  topolo¬ 
gies  and  concepts.  Use  power 
electronics  and  controls  model¬ 
ing  tools  to  include  Simulink, 
Pspince  and  other  related  simu¬ 
lation  tools.  Requirements 
include  a  Master's  degree  or 
equivalent  in  Electrical  Eng¬ 
ineering  or  related  field  and  two 
years  of  work  experience  in  the 
job  offered  or  related  field  of 
design,  analysis,  development 
and  testing  of  power  converters 
in  the  range  of  5  kW  to  1  MW. 
Applicants  must  have  unrestrict¬ 
ed  authorization  to  work  in  the 
United  States.  Salary  $83,590/ 
year.  40  hours/wk.  Respond 
with  two  copies  of  resume  to 
Case  #200203128,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  FI.,  Boston,  MA  02114 


Programmer  Analyst  w/exp  in 
using  Oracle,  MS  SQL,  MS  SQL 
Server  under  Windows  &  Unix 
environment.  Implement  GUI 
solutions  using  VC++,  VB, 
Active  X,  VBA  and  Win  32API. 
Send  resumes  to:  Apollo 
Consulting  Services  Corp.,  One 
Copley  Parkway,  Suite  430, 
Morrisville,  NC  27560.  No  in  per¬ 
son  resumes/interviews:  only 
respond  by  mail. 


Infobahn  Technologies  has 
immediate  full  time  openings  (2 
positions)  for  Software 
Engineers  to  design,  develop, 
test  &  implement  web  services  & 
databases  to  the  client's  prod¬ 
ucts  &  services  using  .Net  tech¬ 
nologies  (ASP  .Net,  VB.  Net,  C 
Sharp),  C++,  XML,  XSLT,  UML, 
PL/SQL,  T-SQL,  Shell  Scripting, 
Java  &  tools  such  as  Source 
Safe,  Clearcase,  Filemaker  Pro, 
Back-end  development  skills 
using  Oracle,  SQL  server.  Req 
BS  in  Comp.  Sci.  Engg/Rel  field 
with  2  yrs  exp.  Send  resumes  to: 
infobahn  Technologies,  (HR) 
288  Walnut  St.  #410  Newton, 
MA  02460. 


Programmer  Analyst  needed 
w/exp  in  client/server  &  n-tier 
applications  using  Delphi,  XML, 
HTML,  ASP,  TCP/IP,  IIS,  Star 
Team,  COM/DCOM,  Active  X  & 
MTS,  Sybase,  MS  SQL  Server, 
TSQL,  ERwin  &  Cast  SQL- 
Builder  &  TCP  Trace.  Use  Quick 
Reports  &  Crystal  Reports.  Send 
resumes  to:  Triple  Point 
Technology,  Inc.  301  Riverside 
Ave.,  Westport,  CT  06880.  No  in 
person  resumes/interviews;  only 
respond  by  mail. 


Database  Design 
Analyst/Project  Lead  for 
s/ware  co  in  Manhattan, 
NY.  Must  have  Master's 
in  Comp  Sci  or  reltd  field 
&  2yrs  exp  in  job  offerd. 
Send  resume  to: 
recruit@ftisoft.com  &  re: 
DDAP 


is  the  place  where 
your  fellow  readers 
are  getting  a  jump 
on  even  more  of  the 
world's  best  jobs. 

Now  combined  with 
CareerJournal.com, 
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Software  Analyst/Developers 
needed  at  client  sites  to  dsgn 
tech'l  architecture  for  Ig.  enter¬ 
prise  level  multi-tiered  applies 
addressing  critical  bus  re-engg 
needs  specific  to  telecom  indus¬ 
try  using  UML  processes  & 
Rational  Rose  2000.  Other  tools 
used:  XML  SPY,  IBM 
WebSphere  platform,  Unix 
Kernel  Prgmg  for  BSD,  Silk, 
Visual  Cafe,  WSAD,  &  Dsgn 
Patterns  among  others.  Apply 
to:  Global  Consultants,  Attn: 
Hireme,  25  Airport  Rd, 
Morristown,  NJ  07960. 


Programmer  Analyst  needed 
w/exp  in  s/w  application  mod¬ 
ules  using  UNIX,  Oracle, 
PL/SQL,  Java  &  ASP.  Create 
and  maintain  data  loading  map¬ 
pings  using  ETL-Informatica 
tool.  Create  run  &  support  web- 
based  Business  Intelligences 
using  Microstrategy  tool. 
Implement  version  control  using 
PVCS  &  other  available  tools. 
Develop  OSS  &  DSS  Reports 
using  Lotus  notes.  Send 
resumes  to:  E  Center,  Inc.,  5170 
North  53rd  St.,  Milwaukee,  Wl 
53218.  No  in  person  inter¬ 
views/resumes;  respond  by  Mail 
only. 


SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco, 
CA,  Warren,  NJ,  Salt  Lake 
City,  UT  and  Portland,  OR: 
Art  Director,  Web  Designer, 
Programmer  Analysts,  Tech¬ 
nical  Architects,  Technical 
Consultants,  Business  Strate¬ 
gists,  Systems  Analysts,  Soft¬ 
ware  Engineers,  Software 
Developers,  resumes  by 
email  or  fax  only  to  HR,  SBI 
2825  East  Cottonwood  Park¬ 
way,  Suite  480,  Salt  Lake  City, 
UT  84121: 

careers@sbiandcompany.com; 
Fax  (801)  733-3201. 


Programmer  Analyst  need¬ 
ed  w/exp  in  multi-tier  soft¬ 
ware  applications  using 
Delphi,  XML,  SOAP, 
TIBCO,  XSLT,  Oracle  & 
SQL  Server.  Send  resumes 
to:  Triple  Point  Technology, 
Inc.  301  Riverside  Ave., 
Westport,  CT  06880.  No  in 
person  resumes/interviews; 
only  respond  by  mail. 


Health  Data  Analyst 

To  develop  and  implement 
analytic  health  projects,  per¬ 
form  analyses  on  data  from 
various  sources,  and  write 
custom  health  applications. 
Req.  Master's  degree  in  sta¬ 
tistics,  computer  engineering 
or  closely  related  fields,  and 
proficiency  in  SAS,  Oracle  & 
Access.  40hrs/wk.  Fax 
resumes  to  678-527-3009. 
Code:  Data2003.  EOE 


Senior  Software  Engr  wanted  by 
legal  information  services  co.  in 
NYC  to  perform  systems  design, 
prgrmng  &  testing  of  applica¬ 
tions  and  to  provide  support  for 
JDEdwards  One  World  and 
other  applications.  Experience  in 
Oracle.  SQL  &  JDEdwards  One 
World  ERP,  distribution  and 
financial  systems,  and  ’C  pro¬ 
gramming  using  JDE  API's. 
Resumes  to  CT  Corporation 
Systems,  111  8th  Ave,  NY,  NY 
10011. 


GeoTomo  LLC.  (Houston,  TX)  is 
seeking  a  Java3D  Software 
Engineer  to  develop  graphic 
visualization  tools  for  geophysi¬ 
cal  application  software  using 
Java3D  programming.  Send 
resume  to  810  Highway  6  S., 
#220,  Houston,  TX  77079/281- 
597-1201(F)/281-597-1429(T). 
Attn:  Kendall  Lemke. 


COMPUTER 

Integral  Vision  is  seeking  soft¬ 
ware  engineers.  Duties  include: 
develop,  upgrade  &  maintain  its 
software.  Require:  BS  in  com¬ 
puter  science  or  related  major 
field,  5  years  of  experience  in 
relation  database  (Access,  SQL 
&  Oracle),  Gov.  DOT  Document 
workflow  processes  knowledge 
and  Project  Management  expe¬ 
rience.  Please  send  resume  and 
salary  requirement  to:  3176 
Lucas  Drive,  Suite  200, 
Lafayette,  CA  94549  attn:  HR  or 
email  to: 

Jobs@integralvision.com 


IT  Manager:  Develop  soft¬ 
ware  appls;  program  & 
maintain  billing/medical 
software.  Bachelors/equiva¬ 
lent  in  Comp.  Sc./ 
Engineering  w/rel.  exp. 
Resume  to  HR,  Healthcare 
America  Med.  Group,  3501 
Cortez  Rd.,  Bradenton,  FL 
34210. 


Comp.  Enng.:  Design,  develop, 
and  implement  software  sys, 
incl.  HR,  financial  and  web- 
based  sys  using  Oracle 
9i/Rpts/Designer,  CPFR. 
MSSQL  Server,  Java,  etc.  3  yrs 
exp.  in  job  offd  or  related  pos. 
w/same  duties  &  BS  in  Comp. 
Sci.  Lib  Sci.  (w/comp.  related 
coursework)  or  related.  Contact: 
SP  Software,  12320  Clairmonte 
Ave.,  Alpharetta.  GA  30004. 


Software  Developer 
Develop  customized  IT  solutions 
based  on  a  client's  needs  and 
business  environment.  Must 
have  Bachelors  Degree  in 
Computer  Science  or  foreign 
equivalent  or  in  a  related  field  & 
2  yrs.  exp.  or  2  yrs.  exp.  in  a 
related  position  w/ability  to  use: 
SQL,  Visual  Basic.  Oracle 
PL/SQL,  COM+  and  MS-Excel. 
40.0  hrs./wk  8:00  AM  *  6:00  PM 
Applicants  send  cover  letter  and 
resume  to:  SRA  Systems,  1945 
Cliff  Valley  Way,  Suite  270, 
Atlanta,  GA  30329,  Attn:  S. 
Nagarajan 


Software  Engineer:  Design, 
develop,  implement  &  maintain 
web  based  global  systems  appli¬ 
cation  allowing  online  accesses 
to  the  client’s  products  &  ser¬ 
vices.  Manage  &  architect  a 
solution  that  integrates  the 
clients  entire  information  system 
using  C,  XML,  XSLT,  JavaScript, 
HTML,  DHTML,  Java.  Lotus 
Notes  5.0,  lotus  Domino,  Lotus 
Script  and  Windows  NT/98.  Exp 
to  test  &  generate  reports,  user 
training  &  customizing  of  prod¬ 
ucts.  Req  BS  in  Comp.  Sci. 
Engg/Rel  field  with  2  yrs  exp. 
Wages:  $72,000/yr,  40  hrs/wk, 
8am-5pm.  Send  2  resumes  to: 
Case#200203256,  Labor 
Exchange  Office,  19  Staniford  St. 
1st  FI.,  Boston,  MA  02114. 


Seismic  Micro-Technology,  Inc. 
(Houston,  TX)  is  seeking 
Applications  Engineer.  6  mon. 
exp.  in  using  cubic  spline,  trian¬ 
gulation,  and  minimum  curvature 
algorithms.  Send  resume  to  8584 
Katy  Fwy,  #400,  Houston,  TX 
77024  or  713-464-6440(F).  Attn: 
Manager  of  HR. 

Castilian  Imports,  Inc.  (Houston, 
TX)  is  seeking  a  Computer 
Support  Specialist  to  analyze, 
develop,  test,  and  maintain  busi¬ 
ness  applications  software  using 
Bar  Code  system,  SFC  system, 
Inventory  Control  system,  SQL 
Commands,  and  EDI.  1  yr.  exp. 
Send  resume  to  22008  N. 
Berwick,  Houston.  TX  77095/281- 
858-1922(F).  Attn:  Hower  Shen. 


COMPUTER  SYSTEMS  HARD¬ 
WARE  ANALYST  sought  by  oil  & 
gas  remote  monitory  systems 
co.  in  Houston,  TX.  Must  have 
M.S.  in  Electrical  Engineering  or 
M.S.  in  Electrical  &  Computer 
Engineering,  plus  exp.  Respond 
by  resume  only  to:  Ms.  L.  Brown, 
R/P-#10,  Mgr.,  V  Monitor,  Inc., 
1000  Old  Katy  Rd.,  Houston,  TX 
77055. 


Infogen  is  seeking  IT  profession¬ 
als.  Req.  BS.  Skills  in  following 
area  are  plus:  Orade9i. 
Weblogic  /  WebSphere.  C++, 
Visual  C++,  VB.  COM,  STL, 
MTS,  MSMQ,  ASP,  Java,  HTML, 
XML.  MTS,  MSMQ.  ADO,  UML 
Travel  is  required.  Send  resume 
to  infojobs@infogeninc.com. 

Comp  Consults  is  looking  for 
programmer/system  analysts, 
engineers  or  IT  consultants.  Our 
minimum  requirement  is  BS  plus 
some  experience  in  following 
area:  Oracle,  Unix.  C/C++,  VB. 
Java.  J2EE,  EJB,  XML, 
XSL/XSLT.  Please  send 
resumes  to: 

immg@compconsults.com  EOE 


Regional  Sales 
Manager  west  coast 


IT  Careers  has  an  exciting  opportunity  for  a  high¬ 
ly  motivated  and  seasoned  sales  professional  to 
join  our  team.  This  Regional  Manager  will  be 
responsible  for  selling  integrated  recruitment 
advertising  packages  consisting  of  Print  (within 
our  network  of  publications),  Online  and 
Recruitment  Event  Show  Booths,  as  well  as  other 
products  as  they  become  established.  Emphasis 
will  be  on  generating  revenue  by  developing  new 
accounts,  but  this  individual  will  be  responsible 
for  growing  existing  accounts  and  servicing 
recruitment  ad  agencies  ensuring  that  IT  Careers 
is  top  of  mind.  The  candidate  will  be  the  part  of  a 
sales  team  working  to  set  the  territory  strategy, 
therefore  collaborative  selling  skills  are  critical.  In 
addition,  this  person  must  have  a  solid  under¬ 
standing  of  the  IT  recruitment  market,  be  an 
effective  communicator  and  negotiator  and  have 
a  proven  record  in  sales.  Minimum  of  5+  years  of 
outside  sales  experience  required,  preferably  in 
recruitment  advertising  sales.  This  position  will 
be  based  in  the  candidate’s  home  office  on  the 
west  coast.  Travel  is  required. 


If  interested,  please  email  a  resume  to 
jcjobs@idg.com  or  fax  to  (508)935-4600. 
Please  include  code  ITC922  in  the  subject 
line. 


IT 


parppre 


Comp:  S/w  Engr,  Progmr 
Analysts,  Database  Analyst, 
Syst  Analyst,  Ntwk  Admin,  for 
NH  IT  firm.  Bach  +1  yr  exp  for 
Jr.  Lvl  posi's  &  Mast  +2  yrs  or 
Bach  +  5  yrs  of  exp  for  Sr.  Lvl 
position.  Skill  req:  Oracle,  VB, 
Oracle  Clinical,  PL/SQL, 
SQL'Plus,  Java,  JDBC,  Java 
Servlets,  JavaScript,  RMI,  JFC, 
Swing,  Java  Beans,  C/C++,  Win 
NT/2000,  MS  Access  2002, 
UNIX,  Shell  Scripting,  DBA. 
Dream  weaver.  Websphere, 
Web  logic,  Web  db,  MS  Access 
2002  TOAD,  HTML,  DHTML, 
ASP,  XML,  Rational  Rose.  Apply 
w/2  copies  of  resume  to  HRD. 
Software  Research  Group,  Inc., 
75  Gil  Crest  Rd,  Apt  #  200, 
Londonderry,  NH,  03053 

Database  Admin  -  Design,  con¬ 
figure,  install  and  administer 

Oracle  databases  utilizing  AO, 

OID,  VLDB,  OEM,  RMAN 

Oracle  9iAS,  etc.;  2  yrs  exp.  in 

job  offd  or  related  and  B.S.  in 

Comp  Sci,  Enng  or  related.  Exp. 

ref.  req'd.  Send  res:  Anid 

Infosoft,  2204  Haley  St.,  Oxford, 

MS  38655. 

PeopleSoft  Programmer: 

2yrs  technical  exp.  in 

PeopleSoft.  Develop  inter¬ 
faces/reports  using  People 

Tools,  PeopleCode  on 

HRMS/FIn/Distrib  modules. 

BS  (Computer  Science)  or 

equiv.  pref.  Mail  resumes: 

Navo  Systems,  1150 

Hancock  St.,  4th  Fir, 

Quincy,  MA02169 

COMPUTER 

PricewaterhouseCoopers  LLP's 
Internal  Firm  Services  practice 
has  opportunities  available  for 
an  experience  Enterprise 
Messaging  Manager.  Positions 
require  5  yrs  related  exp., 
including  in-depth  knowledge 
and  experience  with  Lotus 
Notes  administration,  Unix.  NT 
Operating  systems;  and  SMTP 
messaging.  Job  site/location: 
Tampa,  Florida.  Interested  can¬ 
didates  please  reference  job 
code  473TSG  &  fax  resume  to 
PwC  US  IT  Recruiting  at  813- 
348-7980.  No  phone  calls 
please.  Employer  will  only  con¬ 
sider  applicants  authorized  to 
work  for  any  employer  in  the 
US. 

Database  Administrator  needed 
w/exp  in:  Oracle  Database  & 
SQL  Server.  Configure  database 
Fail-Over  using  MC/Service 
Guard  &  Veritas  clusters. 
Database  tuning  using 

Statspack,  Oracle  Enterprise 
Manager  &  Precise.  Use  SQL 
Back  Track,  RMAN,  Export  & 
Import.  Multi  Master  Replication 
&  Standby  Database  methods 
Design  database  for  DSS  & 
OLTP.  Prepare  shell  scripts 
using  Kshell.  Cshell  &  Perl 
Send  res.  to:  Global  Information 
Technology  Services,  LLC., 
7067  East  Chestnut  Hill  St.. 
Littleton.  CO  80130  No  in-per¬ 
son  resumes/interviews:  only 
respond  by  mail. 

Computer  Software  Associates 
(ICSA)  is  looking  for  software 
engineers,  system/programmer 
analyst  with  skills  in  J2EE,  Java, 
Websphere,  Visual  Age,  Oracle. 
SQL,  VB,  ASP.  ASP  Net,  VB.Net, 
DB2.  Unix.  BS  or  equivalent 
required  Please  contact  raghu- 
ponnala@icsa-us.com.  EOE 

IT  specialists  wanted  by 
ARWANO,  Inc.  for  various  posh 
tions  using  Oracle,  SQL.  VB. 
C/C++,  SAP,  Web  technology 
Java,  JavaScript.  We  are  small 
but  stable  Minimum  is  BS 
degree.  IT  experience  preferred. 
Travel  required  for  some  posi¬ 
tions.  Please  apply  at 
waseem@arwano  com,  EOE. 
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SYSTEM  ANALYST/PROGRAMMER 


The  successful  candidate  will  be  responsible  for  the  design  and 
development  of  software  applications  with  Microsoft  tools  in  a  retail 
environment;  using  Visual  Studio  toolset,  specifically  Visual  Interdev, 
Visual  Basic  and  SQL  Server  Stored  Procedures  to  build  the  application. 
Requires  B.S.C.S.  or  equivalent.  Four  years  experience  in  computer 
analysis,  design  and  coding;  including  two  years  experience  in 
designing  and  developing  web  applications  using  Microsoft  tools, 
including  Visual  Studio,  Visual  Basic,  Visual  Interdev,  COM,  SQL  Server, 

DTS  and  T-SQL.  Knowledge  of  MTS  and  XML  required. 

Competitive  salary  with  excellent  benefits! 

Send  resume  to  Attn:  IT  Placement  Office  -  TL,  Publix  Super 
Markets,  Inc.,  P.O.  Box  32015,  Lakeland,  FL  33802. 

EOE. 


MTS  -  Web  Technology:  Provide 
seamless  integrated  solutions 
across  all  customer  and  account 
management  functions,  includ¬ 
ing  user-administration,  order¬ 
ing,  bill  inquiry/adjustment,  pro¬ 
visioning/tracking,  and  trouble/ 
repair  by  using  C++,  relational 
database  technology,  scripting 
and  object-oriented  technology; 
analyze  software  requirements 
and  provide  a  solution  based  on 
web  graphical  user  interface  and 
distributed  object  services; 
enhance,  test,  debug  and  main¬ 
tain  developed  modules;  devel¬ 
op  systems  within  existing  Java 
architecture  framework  and 
adhere  to  standards  of  security, 
scalability  and  usability. 
Requires  Bachelors  degree  in 
Computer  Science  or  Electronic 
Engineering  and  two  years 
experience  in  the  job  offered  or 
two  years  experience  as  a  soft¬ 
ware  engineer  using  C++,  rela¬ 
tional  database  technology, 
scripting  and  object-oriented 
technology.  Salary  $67,000  per 
year;  40  hrs  per  wk,  8AM  to 
5PM,  Monday  to  Friday.  To 
apply,  submit  two  (2)  copies  of 
your  resume  to: 

Case  #200203155 
Labor  Exchange  Office 
19  Stamford  St,  1st  fl. 

Boston  MA  02114 


Systems  Engineer  II 
Louisville,  KY 

Humana  Inc.,  a  Fortune  200 
health  benefits  company,  seeks 
a  professional  with: 

•  A  minimum  of  two  years  of 
application  development  experi¬ 
ence  within  two  or  more  of  the 
following  technologies:  MS 
Web  (ASP,  COM,  XML,  .NET, 
VB),  Oracle  (data-warehousing 
a  plus),  and  IBM/DB2  main¬ 
frame. 

•  Healthcare  or  data  warehous¬ 
ing  experience. 

•  Bachelor's  degree  or  technical 
training  equivalent  required. 

We  offer  an  excellent  salary  and 
benefits  package,  including 
immediate  eligibility  for 
health/dental  coverage,  pre-tax 
savings  and  retirement  plans. 

Please  email  resume  to: 
tstate@humana.com  or 
apply  online  at: 
www.humana.com/careers 
HUMANA 

Equal  Opportunity  Employer. 
Drug-free  Workplace. 


Java  Programmer  Analyst. 
Provide  technical  computer  sup¬ 
port  and  user  assistance  in 
developing,  operating,  and 
maintaining  all  web  application 
programs  for  all  divisions  of 
Morley  Companies,  Inc;  main¬ 
tain  existing  web  applications; 
and  prepare  program  documen¬ 
tation.  Must  have  Bachelor's  in 
Computer  Science  or  related, 
and  knowledge  of  AS400  plat¬ 
form,  Web  Sphere  Application 
Server,  and  HTTP  server  for 
IBM.  EJB,  Java,  JSP,  & 
Javascript..  Send  resume: 
Morley  Companies,  Inc.,  Attn: 
Richard  Mott,  One  Morley  Plaza, 
Saginaw,  Ml  48603. 


Software  Development  Engineer 
(multiple  openings).  Req. 
Master's  degree  in  CS,  Info. 
Systems,  or  Computer  Eng., 
and  3  yrs.'  exp.  in  the  job  offered 
or  3  yrs.'  exp.  in  computer  sys¬ 
tems  dev.  One  year  of  stated 
exp.  must  incl.  the  following:  use 
of  Rational  Unified  Process  dev. 
methodology  util.  Unified 
Modeling  Language  &  Database 
Design  Tools;  dev.  of  Ntier 
applies,  using  .NET  architecture; 
integration  of  Bloomberg  finan¬ 
cial  data  into  custom  financial 
applies.;  dev.  of  securities  lend¬ 
ing  system.  Lead  research, 
design,  and  dev.  of  the  core  pro¬ 
cessing  system  of  the  compa¬ 
ny's  Securities  Lending  System, 
Metropolitan  Enterprise  Trans¬ 
action  System  (METS). 
Analyze,  formulate,  design,  & 
develop  specifications  for  pro¬ 
posed  computer  system  incl. 
developing  use  case  models  & 
use  case  scenarios  using 
Rational  Unified  Process  util. 
Unified  Modeling  Language  & 
Database  Design  Tools.  40 
hours/wk.  Apply  with  resume  to: 
Michelle  Eyink,  Human 
Resources  Manager,  Metro¬ 
politan  West  Securities,  LLC, 
11440  San  Vicente  Boulevard, 
3rd  Floor,  Los  Angeles,  CA 
90049.  NO  PHONE  CALLS  OR 
THIRD  PARTY  AGENCIES 
PLEASE. 


Software  Engineer/Manager: 
Design  &  develop  software  sys¬ 
tems  through  implementation  of 
structured  technologies,  execute 
software  development  life  cycle 
phases,  testing  &  validating  of 
programs  solving  engineering 
problems,  develop  detailed  tech¬ 
nical  requirements  &  specifica¬ 
tions,  perform  quality  assurance 
tasks  of  configuration  &  risk 
assessment;  provide  manage¬ 
ment  &  technical  direction  to 
project  personnel;  exercise  per¬ 
sonal  judgment  &  analytical 
skills.  Responsible  for  all 
aspects  of  project  performance 
&  administration.  Must  have: 
Bachelor'sin  Engineering,  Comp 
Sci.  or  Info.Techn.  &  2  yrs  expe¬ 
rience  in  job  offered.  M-F,  40 
hrs/wk,  $93,000.00/yr.  Respond 
to:  Case  #200202921,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  Fl.  Boston,  MA  02114. 


SR.  PROGRAMMER  ANALYST. 
Responsibilities  include  analy¬ 
sis,  development  &  design  of 
multi-tier  software  apps  using 
UML/Rational  Rose,  Java, 
J2EE,  XML,  XSLT,  HTML, 
DHTML,  JavaScript,  CSS, 
Oracle,  Windows  &  Solaris. 
Design  &  development  of  inven¬ 
tory/order  mgt  apps  using  Java, 
J2EE,  XML,  Oracle,  Vitria  & 
Metasolv's  suite  of  pkgs  such  as 
OMS  &  Objectel.  Min.  1  yr  doc¬ 
umented  exp.  a  must.  Requires 
BS  in  Electrical/Electron.  Eng., 
Comp.  Sci.,  Comm.  Eng.  or 
equiv.  &  documented  evidence 
of  authority  to  work  in  U.S.  See 
website  for  more  info,  www.telu- 
ni.com.  Fax  (559-751-2899)  or 
mail  resume  to  6731  W.  121st 
St.,  Suite  217,  Overland  Park, 
KS.  66209.  No  phone  calls  or 
walk-ins  please. 


User  Systems  Development 
Analyst.  Work  Sched  9:00AM- 
5:30PM  40  hrs/wk.  $86,746.40 
P/A.  Design  &  develop  MS  SQL 
6.5  &  Sybase  databases,  & 
design,  code  &  implement  multi 
tier  application  systems  for 
point-of-sale  vehicle  &  compo¬ 
nent  marketing  &  remarketing, 
finance  maintenance  &  electron¬ 
ic  document  printing  utility  (Doc 
Print)  systems.  Design,  imple¬ 
ment,  code  &  maintain  point-of- 
sale  applications  for  vehicle 
dealers.  Lead  team  of  3 
Analysts.  Perform  development 
of  applications,  including  launch 
&  support  of  business  applica¬ 
tions  running  in  a  client-server 
based  environment  using  Visual 
Basic  (VB)  &  other  tools  &  col¬ 
lection  &  analysis  of  user 
requirements,  design  database 
structures  &  import  data  from 
client  server  &  mainframe  sys¬ 
tems  using  SQL.  Design,  devel¬ 
op  &  maintain  multi  tier  applica¬ 
tions  in  VB,  divided  into  Client 
Services  &  Retailer  Services 
used  to  create  quotes;  view 
vehicle  returns,  balance  to 
maturity,  auction  schedules,  & 
vehicle  locations;  identify 
prospects;  evaluate  customers 
from  remarketing  information; 
analyze  rates  &  residuals  credit 
applications;  &  print  electronic 
contracts.  Develop  Business 
objects  &  Data  objects  (middle 
tier)  using  Microsoft  Transaction 
Server  (MTS).  Development, 
implementation,  maintenance  & 
deployment  of  application  using 
ASP,  Windows  NT  4.0,  VB  6, 
HTML,  3rd  party  Far  point 
ActiveX  controls,  JANUS  grid 
controls,  Active  Reports,  ADO 
2.1,  Microsoft  Transaction 
Server  (MTS),  Microsoft  mes¬ 
sage  Queue  Server  (MSMQ), 
Visual  Source  Safe  for  Source 
Control,  &  SQL  Server  6.5. 
Develop  'n'-tier  architecture 
applications  using  RDS  & 
Distributed  COM  methodolo¬ 
gies.  Bachelor  (or  equivalent), 
Computer  Science  or  Statistics 
&  Systems  Management.  3 
Years  exp.  in  Job  or  Related 
Occupation  of  Systems  Analyst. 
3  yrs.  of  Related  Occupation 
exp.  must  include  development 
&  support  of  multi  tier  business 
applications  running  in  a  client- 
server  based  environment  using 
VB,  &  design  of  database  struc¬ 
tures  &  imported  data  from  client 
server  or  mainframe  systems 
using  SQL,  which  may  be  con¬ 
current  with  Related  Occupation 
exp.  Employer  Paid  Ad.  Send 
resume  to  MDCD,  PO  Box 
11170,  Detroit,  Ml  48202, 
Ref.#211813. 


COMPUTER/IT 

SAP  Developer  (multiple  open¬ 
ings).  (Memphis,  TN).  Req. 
Bachelor's  degree  or  equiv.  for¬ 
eign  educ.  in  comp,  science  or 
related  eng.  field  &  2  yrs.’  exp.  in 
the  job  offered  or  2  yrs.'  exp.  in 
design,  development,  &  mainte¬ 
nance  of  SAP  R/3  Sales  & 
Distribution  (SD),  Prod.  Planning 
(PP),  &  Materials  Mgmt.  (MM) 
modules  utilizing  ABAP/4  in  a 
mfg.  envt.  All  stated  exp.  must 
involve  each  of  the  following: 
development  &  implementation 
of  technical  specs,  based  on 
functional  reqs.;  ALE  (App.  Link 
Enabling)  /  IDOC  configuration; 
Output  Control;  BAPI's 
(Business  App.  Programming 
Interfaces);  BDC's  (Batch  Data 
Communication);  &  performance 
tuning.  Engage  in  design, 
development,  &  maintenance  of 
SAP  R/3  SD,  PP,  &  MM  modules 
utilizing  ABAP/4  in  a  mfg.  envt. 
40  hrs./wk.  8:00-5:00.  Apply 
with  resume  to  Melanie  Russell, 
International  Paper  Co.,  4070 
Willow  Lake  Blvd.,  Memphis,  TN 
38118.  EOE.  Reference  #0717 
when  applying. 


Positions  are  available  for  a 
Senior  Solution  Architect  -  PCS 
and  a  Senior  Analyst,  Client 
Services  with  a  technology  solu¬ 
tions  company  in  Atlanta, 
Georgia.  The  company  archi¬ 
tects  and  designs  next  genera¬ 
tion  software  for  point-of-sale 
and  Internet  systems  in  the  retail 
industry  including  entertainment, 
petroleum  with  convenience  or 
food  stores,  and  restaurants. 
The  Senior  Solution  Architect  - 
PCS  is  primarily  responsible  for 
providing  guidance,  direction, 
support  and  Petroleum  & 
Convenience  Store  (PCS) 
industry  expertise  to  clients  and 
consulting  team  members  dur¬ 
ing  entire  project  lifecycle. 
Candidates  for  this  position 
should  possess  a  Bachelor's 
degree  in  business  manage¬ 
ment  or  the  equivalent  through 
any  combination  of  education 
and/or  experience  and  at  least 
five  years'  experience  in  man¬ 
agement  in  PCS  or  similar 
industry,  including  analyzing  and 
evaluating  PCS  or  similar  indus¬ 
try  operations  with  a  focus  on 
analyzing  industry  practices  and 
trends;  including  two  years' 
experience  with  technology 
implementation  in  PCS  industry, 
application  programming,  sys¬ 
tems  analysis  and  management, 
or  business  process  analysis 
and  re-engineering;  quantitative 
tools  and  techniques  for  plan¬ 
ning,  scheduling,  and  controlling 
technology  implementation  pro¬ 
jects;  mentoring  and  evaluating 
fellow  employees;  and  defining 
requirements  for  user  documen¬ 
tation  and  conducting  classroom 
training  for  end  users. 

The  Senior  Analyst,  Client 
Services  is  primarily  responsible 
for  coordinating  delivery  of  client 
service  components  during  the 
life  cycle  of  the  client  relation¬ 
ship. 

Candidates  for  this  position 
should  possess  a  Bachelor's 
degree  in  any  field  and  at  least 
six  months'  experience  in  pro¬ 
ject/program  coordination  in  a 
customer  service  or  client  ser¬ 
vice  environment. 

Apply  by  resume  to: 

Vickie  Olsen 
Radiant  Systems,  Inc. 

3925  Brookside  Parkway 
Alpharetta,  Georgia  30022 


Senior 

Programmer  Analysts 

We  are  looking  for  experienced 
programmers  with  the  following 
skills:  at  least  2  years  experi¬ 
ence  with  Microsoft  VBscript, 
HTML,  Active  X,  Jscript  and 
ASP/ll,  SQL  Server,  Crystal 
Reports,  PL/SQL  and  Loan- 
Quest  mandatory.  A  degree  in 
Computer  Science  or  Infor¬ 
mation  Technology  is  required. 
Must  have  excellent  communi¬ 
cation  skills,  both  verbal  and 
written.  Excellent  technical  peer 
group  to  work  with.  Some  travel 
may  be  required.  For  consider¬ 
ation,  please  fax  your  resume  to 
(904)  356-1099  or  e-mail  to 
hr@MortgageFlex.com  NO 
THIRD  PARTY.  For  further  info 
go  to  www.mortgageflex.com 


AgreeYa  Solutions  is  hir¬ 
ing  all  levels  of  Progra¬ 
mmer/Analysts  and  Soft¬ 
ware  Engineers.  The  Sr. 
Software  Engineers  posi¬ 
tions  req  a  Bach 
deg/equiv  &  5  yrs  exp  or 
Master  deg/equiv  &  3  yrs 
exp.  Send  resumes  to  90 
Blue  Ravine,  Suite  155, 
Folsom,  CA  95630.  Will 
be  assigned  to  client-sites 
nationwide. 


Information  Specialist  -  Develop, 
engineer  and  support  Legacy 
OpenVMS  applications,  includ¬ 
ing  DECforms,  ACMS 
(Application  Control  Manage¬ 
ment  System)  and  Decdtm 
transaction  management  and 
processing  products  using  C, 
BLISS  and  Alpha  Assembly  lan¬ 
guages  and  processor  architec¬ 
ture;  develop  and  architect 
newer  versions  of  transaction 
management  and  processing 
products;  support  and  problem- 
solve  current  products;  support 
and  enhance  TPWare  products 
on  Windows  and  UNIX  that 
interface  and  access  legacy 
applications  running  on 
OpenVMS  systems;  provide 
technical  lead  and  training  to  off¬ 
shore  engineering  teams. 
Requires  Bachelors  degree  in 
Computer  Science  and  either 
five  (5)  years  experience  in  job 
offered  or  five  (5)  years  in  engi¬ 
neering  on  OpenVMS  applica¬ 
tions  with  C,  BLISS,  and  Alpha 
Assembly  and  processor  archi¬ 
tecture  on  OpenVMS  platform. 
Salary:  $85, 383. 15/year;  40 
hrs/wk,  8AM  to  5PM,  Mon-Fri.  To 
apply,  submit  two  (2)  copies  of 
resume/letters  of  application  to 
Job  Order  2003-308,  P.O.  Box 
989,  Concord,  NH  03302-0989 


Computer  Support  Specialist  - 
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Offshore 

veloping  the  best  practices. 
There  is  “an  increasing  scale 
of  risk  and  reward  in  the  kinds 
of  functions  you  take  off¬ 
shore,”  Salters  said. 

The  reward  is  potentially 
lower  costs.  U.S.  companies 
have  been  racing  to  use  off¬ 
shore  services,  and  market  re¬ 
search  firms  such  as  Gartner 
Inc.  are  predicting  an  acceler¬ 
ation  of  the  rush.  By  the  end  of 
next  year,  Gartner  expects  that 
one  out  of  every  20  IT  jobs  at 
user  companies  will  have 
moved  offshore. 

“The  floodgates  have  just 
opened,”  said  Kumar  Mahade- 
va,  CEO  of  Cognizant  Tech¬ 
nology  Solutions  US  Corp.,  a 
Teaneck,  N.J.-based  offshore 
services  provider.  “At  this 
point,  we  got  into  a  situation 
where  the  industry  as  a  whole 
is  almost  constrained  by  how 


Continued  from  page  1 

Competing 

in  their  schedules,  “your  whole 
organization  will  benefit  from 
adding  talent  without  adding 
cost,”  said  Saunders. 

Chip  Express  Corp.,  a  custom 
chip  manufacturer  in  Santa  Clara, 
Calif.,  hired  Ariesnet  to  redesign 
its  Web  site. 

“Developers  in  India  are  very 
capable  of  coding  and  providing 
what  you  ask  for,”  said  Heather 
Savage,  the  marketing  communi¬ 
cations  manager  at  Chip  Express 
who  managed  the  project.  “But 
that’s  not  all  I  need,”  she  added. 
Savage  said  that  although  she 
considered  offshore  developers, 
she  ultimately  valued  the  easy 
access  she  had  to  Ariesnet’s 
Web  developers  and  felt  she  was 
working  in  partnership  with  the 
company. 

Another  outfit  taking  on  off¬ 
shore  developers  is  Real-Time 


fast  it  can  grow,”  he  added. 

Offshore  outsourcing  of 
production  support  and  other 
IT  infrastructure  operations  is 
a  niche  activity  today.  But  ana¬ 
lysts  at  Meta  Group  Inc.  pre¬ 
dict  that  in  the  next  several 
years,  as  much  as  40%  of  pro¬ 
duction  support  may  be  man¬ 
aged  offshore. 

Two  months  ago,  the  mem¬ 
bers  of  the  FSTC  —  a  who’s 
who  of  financial  services  com¬ 
panies,  including  J.P.  Morgan 
Chase  &  Co.,  Bank  of  America 
Corp.,  Citigroup  Inc.  and 
Wells  Fargo  &  Co.  —  met  to 
discuss  how  they  could  reduce 
offshore  risks. 

Work  is  under  way  to  exam¬ 
ine  offshore  security,  privacy, 
business  continuity  and  con¬ 
tract-cancellation  issues  asso¬ 
ciated  with  offshore  manage¬ 
ment  of  onshore  applications. 
The  goal  is  to  complete  a  best- 
practices  report  by  the  end  of 
the  year. 


Technology  Solutions  Inc.  in  New 
York.  Earlier  this  month,  the  com¬ 
pany  announced  a  service  called 
Onshore  Automated  Testing, 
which  has  enabled  it  to  reduce 
prices  by  offering  remote  testing 
services  instead  of  having  its  em¬ 
ployees  go  on-site. 

Some  service  providers,  such 
as  Deloitte  Consulting  in  New 
York,  say  they’re  competing  by 
operating  offshore  development 
centers  that  combine  the  best  of 
both  worlds:  low  cost,  plus  value- 
added  integration  and  business¬ 
consulting  expertise. 

Some  users  of  offshore  ser¬ 
vices,  meanwhile,  recommend 
against  trying  to  compete  directly 


Risk  Reduction 


Financial  services  firms  are 
working  together  to  mitigate 
the  risks  of  managing  live  IT 
processes  offshore.  Those 
processes  involve: 


PRODUCTION  SUPPORT:  Real¬ 
time  support  of  applications,  trou¬ 
ble-ticket  fixing,  patches,  help  desk 


INFRASTRUCTURE  SUPPORT: 

Close  cousin  of  production  support; 
includes  network  management, 
server  capacity  management 

with  vendors  and  financial 
services  groups  such  as  the  fi¬ 
nancial  industry  consortium 
BITS  in  Washington.  The 
group  recently  updated  two 
outsourcing  guideline  docu¬ 
ments  to  include  overseas  pro¬ 
duction  support. 

The  BITS  reports  offer 
guidelines  for  complying  with 
regulations.  The  second  of  the 
two  documents,  available  for 


with  providers  in  India  and  else¬ 
where. 

“I  think  U.S.  companies  can 
compete,  but  it  won’t  be  as  the 
low-cost  provider,”  said  Ron 
Glickman,  CIO  at  DFS  Group 
Ltd.,  a  San  Francisco-based 
company  that  operates  duty-free 
shops  primarily  at  airports  world¬ 
wide. 

Instead,  Glickman  said,  U.S. 
firms  need  to  focus  on  strategies 
that  provide  expertise  beyond 
what’s  available  from  offshore 
development.  “I  think  getting 
complementary  with  offshore  is  a 
more  important  strategy  than 
getting  competitive  with  off¬ 
shore.”  he  said. 


public  comment  through  Oct. 
28,  suggests  guidelines  for  se¬ 
curity  audits,  vendor  manage¬ 
ment  and  cross-border  rela¬ 
tionships. 

“What  we  were  looking  to 
do  for  our  members  is  develop 
risk  mitigation  tools  that  the 
industry  can  use  to  identify 
and  understand  the  controls 
service  providers  are  using . . . 
around  things  like  access 
[and]  communications,”  said 
Faith  Boettger,  the  senior  con¬ 
sultant  in  charge  of  the  BITS 
initiative. 

The  FSTC  seems  to  be  tak¬ 
ing  a  more  tactical  approach. 
For  instance,  it  will  look  at 
data-masking  technologies  and 
offer  guidelines  on  technology 
features.  IT  vendors  are  look¬ 
ing  for  technology  guidance 
from  the  group,  said  Salters. 

By  participating  in  this  ef¬ 
fort,  companies  may  be  shar¬ 
ing  competitive  information. 
But  Salters  said  that  if  any 
firm  makes  a  mistake  in  man- 


One  thing  that’s  made  off¬ 
shore  providers  attractive  is  the 
quality  of  their  work,  said  Paul 
Fielding,  who  is  in  charge  of  off¬ 
shore  initiatives  in  application  de¬ 
velopment  at  a  financial  services 
firm  that  he  asked  not  be  named. 

Fielding,  who  was  at  offshore 
provider  Cognizant  Technology 
Solutions’  user  conference  in 
Key  Biscayne,  Fla.,  last  week, 
said  that  although  costs  are 
prompting  U.S.  firms  to  look  off¬ 
shore,  it’s  the  quality  of  the  work 
that  keeps  them  there. 

Fielding  said  India’s  develop¬ 
ers  are  more  disciplined  about 
coding  than  U.S.  developers  are. 
The  U.S.  software  industry  was 
spawned  by  brilliant  and  creative 
people  who  focused  on  innova¬ 
tion,  not  quality,  he  said.  “That 
culture  persists  even  today," 
Fielding  said,  “but  now  people 
depend  on  this  technology  as 
though  it  were  a  manufactured 
product.” 

-  Patrick  Thibodeau 


aging  offshore  operations, 
there  could  be  ramifications 
from  lawmakers  and  regula¬ 
tors  for  everyone  in  the  indus¬ 
try.  “It’s  really  not  considered 
a  proprietary  issue  at  this 
point,”  he  said.  O  42182 


Bank  Awards  IBM 
$543M  Contract 

BY  JUAN  CARLOS  PEREZ 

IDG  NEWS  SERVICE 

TD  Bank  Financial  Group  in 
Toronto  has  decided  to  out¬ 
source  the  management  of  its 
PC  and  network  infrastructure 
to  IBM  in  order  to  devote  more 
IT  resources  to  developing  new 
financial  services,  IBM  an¬ 
nounced  last  week. 

The  seven-year,  $543  mil¬ 
lion  deal  calls  for  IBM  to  man¬ 
age  and  support  over  40,000 
PCs  and  to  transform  and  re¬ 
vamp  the  existing  data  net¬ 
work,  IBM  and  TD  Bank  offi¬ 
cials  said.  “It’s  an  effort  to  fo¬ 
cus  greater  energy  on  our  core 
business,”  said  Neil  Parmenter, 
a  bank  spokesman. 

Financial  services  compa¬ 
nies,  which  are  in  a  fiercely 
competitive  market,  have  to 
create  innovative  services  to 
distinguish  themselves,  said 
Garth  Issett,  vice  president  of 
strategic  outsourcing  at  IBM 
Global  Services  Canada.  That 
market  dynamic  is  prompting 
banks  to  outsource  IT  tasks 
that  external  providers  can 
handle  more  efficiently  and  at  a 
lower  cost,  he  said. 

The  contract  became  effec¬ 
tive  late  last  month,  and  the 
work  has  already  started,  Issett 
said.  About  370  of  the  bank's 
IT  employees  have  been  trans¬ 
ferred  to  IBM.  The  bank  is  a 
longstanding  client  of  IBM,  but 
this  is  the  first  outsourcing  deal 
between  them,  Issett  said. 

The  services  IBM  is  provid¬ 
ing  include  help  desk  phone 
support,  dispatching  techni¬ 
cians  for  on-site  work  at  the 
bank,  and  maintaining,  upgrad¬ 
ing  and  acquiring  PCs. 

©  42215 


I  think  U.S.  compa¬ 
nies  can  compete, 
but  it  won’t  be  as  the 
low-cost  provider. 

RON  GLICKMAN,  CIO,  DFS  GROUP  LTD. 


The  FSTC  will  also  work 
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DCML:  Less  Is  More 


IF  YOU’VE  BEEN  TRYING  to  figure  out  what  this  new  Data 
Center  Markup  Language  is  all  about,  you’re  not  alone.  And 
there’s  a  lot  to  figure  out,  if  DCML’s  backers  at  EDS,  Opsware, 
Computer  Associates  and  BEA  are  to  be  believed.  DCML  is 
for  data  center  management.  And  grid  computing.  And  utility 
computing.  And  disaster  recovery.  And  just  about  any  other  buzz¬ 
word-compliant  IT  function  making  the  rounds  these  days.  It  all 
sounds  pretty  grandiose. 

But  DCML  is  a  lot  less  than  it  seems.  And  that’s  a  good  thing. 
What  is  DCML?  It’s  text.  Highly  structured  text,  sure.  Text  that’s 


as  full  of  tags  as  the  thickest  HTML.  Text  that’s 
never  going  to  qualify  as  anybody’s  choice  for 
bedtime  reading. 

But  it’s  not  a  protocol.  It’s  not  a  programming 
interface.  It’s  not  a  middleware  framework.  At 
its  core,  DCML  is  just  a  lot  of  words. 

Specifically,  it’s  a  lot  of  words  that  describe 
what’s  in  your  inventory  of  IT  systems  and  soft¬ 
ware,  and  how  those  systems  and  applications 
fit  together,  and  what  your  best  practices  are 
for  running,  managing  and  maintaining  it  all. 

And  all  that  data  about  your  IT  setup  is  for¬ 
matted  using  a  standard  set  of  XML  tags.  It’s 
not  specially  encoded  or  compressed,  or  sub¬ 
jected  to  any  other  complications  or  propri¬ 
etary  hacks. 

Which  means,  in  theory,  that  it  should  be  us¬ 
able  by  any  vendor  that  has  signed  on  to  sup¬ 
port  DCML.  And  maybe  —  though  no  one  is  ab¬ 
solutely  sure  how  this  will  come  together  — 
we’ll  be  able  to  use  that  information  to  solve 
data  center  problems  and  make  better  use  of  IT 
for  things  like  utility  computing. 

Oh  yeah  —  and  after  all  the  years  that  the  IT 
press  and  pundits  have  sung  the  praises  of 
XML,  corporate  IT  shops  will  finally  get  the 
chance  to  taste  that  XML  dog  food 
for  themselves.  (And  if  we  can’t  get 
XML  working  for  data  center  man¬ 
agement,  for  once  we  won’t  be  able 
to  blame  it  on  those  clueless  non¬ 
technical  users.) 

So  if  DCML  is  just  a  lot  of  text 
formatted  with  XML  —  if  it’s  really 
that  simple  —  what’s  so  hard  to  fig¬ 
ure  out? 

Answer:  DCML  is  simple.  But  the 
things  that  vendors  are  promising 
we  can  do  with  it  are  complex.  And 
so  are  the  things  we’re  trying  to  de¬ 
scribe  with  it. 


And  that’s  the  way  it  should  be.  Because  the 
more  complex  the  problem  we’re  trying  to 
solve,  the  less  complicated  we  need  the  tech¬ 
nology  to  be. 

We  want  to  push  the  technical  complexity 
down  into  the  infrastructure  —  the  networks, 
the  servers,  the  storage  systems.  We  want  to 
clear  out  as  much  complexity  as  possible  from 
any  new  technology  that’s  supposed  to  make 
them  all  work  together. 

Which  is  why  DCML  isn’t  a  protocol.  Or  a 
programming  interface.  Or  a  middleware 
framework.  Those  things  can  be  useful,  but 
they  bring  a  lot  of  complex  technical  baggage 
with  them.  And  we  end  up  spending  a  lot  of 
time  and  effort  wrestling  with  those  complexi¬ 
ties  instead  of  solving  business  problems. 

DCML  is  intended  to  be  simple,  lightweight 
and  hard  to  get  wrong.  The  complexity  is  in  the 
information  and  the  business  problem,  not 
DCML  itself. 

That  should  give  vendors  less  opportunity  to 
foul  up  their  DCML  implementations.  It  should 
also  make  it  a  little  harder  for  us  to  foul  up  with 
DCML,  too. 

It’s  a  good  idea.  Will  it  work?  We’ll  see.  The 
first  version  of  the  DCML  specifi¬ 
cation  is  due  to  be  published  in  De¬ 
cember.  After  that  comes  the  tough 
task  of  applying  DCML  to  real  data 
center  management  challenges. 

Then,  eventually,  we’ll  get  our 
taste  of  DCML.  And  yes,  I’m  hop¬ 
ing  this  less-is-more,  simpler-is- 
better  approach  works.  Because 
the  problems  IT  is  trying  to  solve 
—  inside  and  outside  the  data  cen¬ 
ter  —  are  just  going  to  get  more 
complex. 

And  the  less  we  have  to  figure 
out,  the  better.  ©  42149 


frank  hayes,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerworld.com. 


Better  Late  Than  Never 


This  pilot  fish  is  up  ail  night  troubleshooting  a  tailed 
payroll  job,  but  the  IT  director  sees  him  stumble  in  at 
9:30  a.m.  Furious  at  this  “tardiness,”  dir  ector  fires  off  a 
memo:  From  now  on,  work  starts  at  8  a.m.  and  stops 
at  5  p.m.  -  no  exceptions.  “The  next  time  operations 
staff  called  in  the  wee  hours,  they  were  told  we 
couldn’t  help  until  8  am,"  fish  says.  "After  some  late 
payroll  runs,  the  director  was  fired  and  the  more  re¬ 
laxed  work  rules  were  restored.” 
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Tech  pilot  fish  ji  yi# 
discovers  this  |  All  (life 
point-of-saie 

What  It  Says 


don’t  get  the 
notice” 


PC’s  LAN  drivers  are 
missing,  so  he  calls  the 
help  desk.  “All  you  need 
to  do  is  download  the 
files  off  the  server,”  help 
desk  tech  says.  But  the 
PC  can’t  talk  with  the 
server,  fish  points  out. 
“Then  use  a  patch  cord 
to  connect  directly  to  the 
server,”  desk  tech  sug¬ 
gests.  You  want  me  to 
patch  into  the  LAN  to 
download  files  so  it  can 
talk  on  the  LAN?  sput¬ 
ters  fish.  Silence,  then 
help  desk  tech  says, 
"Maybe  you  shouldn't 
he  in  this  line  of  work.” 


But  They’re 
Just  Taxpayers 

When  pilot  fish  at  this 
government  agency  goes 
on  paternity  leave, 
sets  up  his  e-mail  ac¬ 
count  so  a  poirte  “out  of 
office”  response  is  sent 
automatically.  Except  it 
isn’t,  he  discovers;  IT 
configured  the  e-mail 
system  so  only  those  in 
the  office  will  receive  m 
“out  of  office”  message, 
not  outsiders.  Grumbles 
iiSfli,  hi  Diner  worms*  me 
people  most  likely  to 
need  to  use 
first  place  - 
just  walk  down 
or  dial  your 


;  It’s  1985,  and  this  com- 
i  puter  room  has  a  big, 

!  red  panic  button  next  to 
j  the  door -and  stuck  to  it 
;  is  a  yellow  Post-it  re- 
|  minding  workers,  “Log 
j  out.”  When  a  user  is 
j  brought  in  to  delete  cer- 
j  tain  fifes,  she’s  watched 
j  like  a  hawk  -  but  ail  goes 
i  well  until  she’s  done  and 
'  a  supervisor  reminds  her 
I  to  log  out  before  leaving, 
j  “She  marched  to  the 
)  door  and  bashed  the  big. 

I  red  button  that  said,  Tog 
f  out,'  ”  sighs  a  pilot  fish 
•  on  scene.  “It  took  five 
j  days  to  recover.” 


I  Smokin’! 


Computer  store  donates 
11  PCs  to  a  local  high 
school.  White  store  s 


up,  he  reels  off  its  fen- 


s  smokina; 

|  SDflDOi  II 


j  is  standing  nearby.  Yep, 
I  blazing  fast,  tech  i 


OFEED  THE  SHARK!  Send  your  true  tales  of  IT  life  to 
sharky@computerworM.CGsn.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 


tkf, 


-yt  / 


p^f  : 


feiwKSw 


Attend  the  leading 
conference  for: 


m 

'■XPy* 


p#tf 
%/  v  I 

■  SifokA* 

' 

/  •*  , 

\  !>^ 


'  •  *■.  <c 


;<#s£ 

-  *  * 

'  ^  '•  i*’ 

*'>•:•?  d£-’ 


Hr-  ■  *  * 

^  4*  S%+/Jr~  i  \  \  if 

T  l  y 

y  •  t;*  SR  '  ✓ 

-JL  —  w?  «/•::  v;.W  *»  ^  ^HH'  ■•  X  « 

Hear  from  the  World’s  Top  IT  Executives 


STORAGE 

NETWORKING 

WORLD 

,Ji 


October  27-30, 2003 

JW  Marriott  Grande  Lakes  Resort 
Orlando,  Florida 

Co-owned  and  Produced  by;  .  Co-owned  and  Endorsed  by 


COMPlTTERWORLD^r 


STOWAGE  T>T~ i  nm 

™^BhM 

PRACTICES  IN 

STORAGE 


AWARDS  PROGRAM 

COftdPVTDfWORLB  !  cJcL/ 


Awards  program 
and  ceremony 
sponsored  by: 

EMC2 

where  information  lives 
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Program  nominations  and  information: 

www.computerworld.com/bestinstorage 


I IXU  txu 


Learn  from  Top  IT  Executives  Including: 


PLATINUM  SPONSORS 


adic 

I 

Cues  Stitiii 

(@ 

•  Computer  Aeeooetee* 

—  -* - e —  — *  ♦♦  4BrY  n  />  a  r\  C 

L  J  T/^tk 

s aaaprec  .  jq  }jjp  brocade 

* 1  ARK.IVIO  ““ 

riuncoi 

Intelligent  St' 

orege" 

(DITI  EMC1  ^  EMULEX 

|  wtwrt  information  lives 


HITACHI 

•  A  T  A  ITIIIHI 


Intel 

panasas 


IMODATA  Microsoft 


& 


I tO' 


Quantum 


Seagate 


GOLD  SPONSORS 


CommVault 

Systems 

www.commraulLcom 


□ 

Iomega 


u  Creek  Path  CROSSROADS 

I  LEGATO 


NORTEL 

NETWORKS 


SONY 


D*LL 

OX 

NetApp' 

®o™. 

<&Sun 


LCNSlf  STOBSIBILITY 


Symantec.  iVfKtort  Xiotech  Xr 

Storage  Networking  Workf  Fall  2003  Sponsors  as  of  10/15/03 


CONTRIBUTING  SPONSORS 


DECRU 


DILIGENT 


r?7777n 

iNvio 

kasterfchase  Lefttt§Qd<::  / 

^£2&T"  fiStor  ONStojr0 


«IDC 

Aiaiyn  tin  Fururr 

iReadir 

f53aat'_ 


Gverlond  C* 

SHI*" 


I'OIttl 


TidalWire 


'•tollmans 


MEDIA  SPONSORS 
COkPVTERWORLD  fcT^WXWDftt  MrWbrid 

BioJTWorW  DSstur  INKKTOH 
ynsurnoOrt*  i«b«tof  com  " 

s^rm  is^n  fc  ss* 

TRAINING  PARTNERS 

-^5b 

PARTNER  PAVILION  SPONSOR 

Microsoft 

GOLF  OUTING  SPONSOR 
Quantum 


For  more  information  visit  www.snwusa.com/print  or  can  1-800-883-9090  (1-508-820-8159) 


Dell  Handles  125,000 

Transactions  Per  Hour  With  Oracle 

D0LL' 


Del!  counts  on  Oracle  on  Linux  to  handle 
customer  orders  every  day. 

What  do  you  run? 


oracle.com/success/dell 
or  call  1.800.633.0759 


Copyright  ©  2003,  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 


